Subject: Re: chroot: why super-user only?
To: David Young <email@example.com>
From: Joel Wilsson <firstname.lastname@example.org>
Date: 01/27/2003 21:09:08
On Monday, January 27, 2003, at 07:52 pm, David Young wrote:
> It is a problem in UNIX that a program runs with all the privileges
> the user who runs it, privileges to read/write files and devices, to
> bind sockets, to occupy slots in the process table, and to use the
> Chroot is an imperfect way to reduce privileges.
> In UNIX, processes are ordinarily trusted to
> exercise a tiny number of countless privileges. Most security
> are taking advantage.
Makes me think you want systrace, but perhaps I'm missing something.
Seems like it can solve most, if not all, of your (quite justified)