Subject: Re: extending chroot()
To: Steven M. Bellovin <email@example.com>
From: Todd Vierling <firstname.lastname@example.org>
Date: 01/22/2003 19:21:16

On Fri, 17 Jan 2003, Steven M. Bellovin wrote:
: >I think that's a good idea, but I'd rather we not blanket disable
: >setuid/setgid bits if root does the chroot. In addition to running
: >servers, chroot is good for emulating old versions of the OS. For
: >instance, I think a number of folks who run -current compile packages for
: >-release in a chroot. It would be nice to have normal setuid/setgid
: >semantics there.
: Hmm -- I thought the new toolchain was the way to handle that.

Not if you want to build pkgsrc, and that still is no reason for disabling
set[ug]id by default in a *standard* chroot(2).

Perhaps a differently named call, though....

-- Todd Vierling <email@example.com>