Subject: Re: chroot() behaviour? (was Re: tar ignores filenames that contain
To: Andrew Brown <atatat@atatdot.net>
From: Greywolf <greywolf@starwolf.com>
List: current-users
Date: 10/31/2002 11:31:57

On Thu, 31 Oct 2002, Andrew Brown wrote:
# >What if chroot() were to create/cause exec semantics such that, if not
# >called by a super-user, setuid/setgid would be ignored?
#
# that would be...almost pointless, no?

D'oh. Sorry. I was about to say "no, not really", and I still think this
might actually be useful, if a bit crippling...

# i mean, if the binary weren't
# setuid *at all*, then root could still switch to the appropriate
# uid/gid...

Gah. In my efforts toward thinking about security, were I to actually
implement it, I would have just removed some necessary functionality...

--*greywolf;
--
NetBSD: The Power of Code.