Subject: Re: extending chroot()
To: Steven M. Bellovin <>
From: Todd Vierling <>
List: tech-security
Date: 01/22/2003 19:21:16
On Fri, 17 Jan 2003, Steven M. Bellovin wrote:

: >I think that's a good idea, but I'd rather we not blanket disable
: >setuid/setgid bits if root does the chroot. In addition to running
: >servers, chroot is good for emulating old versions of the OS. For
: >instance, I think a number of folks who run -current compile packages for
: >-release in a chroot. It would be nice to have normal setuid/setgid
: >semantics there.
: Hmm -- I thought the new toolchain was the way to handle that.

Not if you want to build pkgsrc, and that still is no reason for disabling
set[ug]id by default in a *standard* chroot(2).

Perhaps a differently named call, though....

-- Todd Vierling <>