Subject: extending chroot()
To: None <>
From: Steve Bellovin <>
List: tech-security
Date: 01/16/2003 16:08:57
I'd like to be able to "jail" various untrusted applications, such as 
my netbrowser.  Chroot() is the obvious choice, but it requires root 
privileges.  However -- supposed we changed chroot() so that it didn't 
require root, but if executed by a non-root process, setuid and setgid 
would not be honored.  More precisely, we change the code in 
exec_script and kern_exec that checks the setuid/setgid bits; if 
cwdi_rdir is non-null, don't honor those bits.

Comments?  (I wish that socket() went through the file system, so that 
I could restrict network access that way, too.)

		--Steve Bellovin, (me) (2nd edition of "Firewalls" book)