Subject: Re: extending chroot()
To: Steve Bellovin <>
From: Andrew Brown <>
List: tech-security
Date: 01/16/2003 16:41:51
>I'd like to be able to "jail" various untrusted applications, such as 
>my netbrowser.  Chroot() is the obvious choice, but it requires root 
>privileges.  However -- suppose we changed chroot() so that it didn't 
>require root, but if executed by a non-root process, setuid and setgid 
>would not be honored.  More precisely, we change the code in 
>exec_script and kern_exec that checks the setuid/setgid bits; if 
>cwdi_rdir is non-null, don't honor those bits.

could you use systrace in conjunction with chroot() to accomplish what
you need?

>Comments?  (I wish that socket() went through the file system, so that 
>I could restrict network access that way, too.)

systrace can implement access control on source/destination addresses,
though i've not tried anything complex with it yet.

|-----< "CODE WARRIOR" >-----|
(Andrew Brown)      * "ah!  i see you have the internet that goes *ping*!"
                    * "information is power -- share the wealth."
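As an added illustration of the systrace-plus-chroot approach suggested in this reply (not a policy from either poster), here is a systrace policy of the kind that confines a browser: file access is limited to the jail, outbound connections are limited by destination address and port, and execve is limited to one named binary, so the setuid/setgid concern in the proposal never comes up. The paths, the program name and the exact sockaddr string form (`inet-[address]:port`) are assumptions about the systrace(1) policy syntax, not something stated in the thread.

```systrace
Policy: /home/jail/bin/browser, Emulation: native
	# memory management and housekeeping calls the program needs
	native-mmap: permit
	native-munmap: permit
	native-break: permit
	native-close: permit
	native-read: permit
	native-write: permit
	# read-only access inside the jail (constructed paths), nothing else
	native-fsread: filename match "/home/jail/*" then permit
	native-fsread: filename eq "/etc/resolv.conf" then permit
	native-fsread: then deny[enoent]
	# writes only to the browser's cache and temp directory
	native-fswrite: filename match "/home/jail/tmp/*" then permit
	native-fswrite: filename match "/home/jail/.cache/*" then permit
	native-fswrite: then deny[eperm]
	# network: DNS to the local resolver only, HTTP/HTTPS to anywhere
	native-connect: sockaddr eq "inet-[127.0.0.1]:53" then permit
	native-connect: sockaddr match "inet-*:80" then permit
	native-connect: sockaddr match "inet-*:443" then permit
	native-connect: then deny[eacces]
	# no listening sockets, no helper programs, no privilege changes
	native-bind: deny[eacces]
	native-listen: deny[eacces]
	native-execve: filename eq "/home/jail/bin/browser" then permit
	native-execve: then deny[eperm]
	native-setuid: deny[eperm]
	native-setgid: deny[eperm]
```

Running the browser as `systrace -a -f policyfile chroot /home/jail /bin/browser` applies the policy to the jailed process; anything the policy does not permit is denied rather than prompted for, because of `-a`.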