Subject: Re: chroot() behaviour? (was Re: tar ignores filenames that contain
To: Andrew Brown <>
From: Greywolf <>
List: tech-security
Date: 10/31/2002 11:31:57

On Thu, 31 Oct 2002, Andrew Brown wrote:

# >What if chroot() were to create/cause exec semantics such that, if not
# >called by a super-user, setuid/setgid would be ignored?
# that would be...almost pointless, no?

D'oh.  Sorry.  I was about to say "no, not really", and I still think this
might actually be useful, if a bit crippling...

# i mean, if the binary weren't
# setuid *at all*, then root could still switch to the appropriate
# uid/gid...

Gah.  In my efforts toward thinking about security, were I to actually
implement it, I would have just removed some necessary functionality...

NetBSD: The Power of Code.