Subject: Re: misc/2634: /usr/sbin/chroot is a bogon
To: Chris G Demetriou <Chris_G_Demetriou@ux2.sp.cs.cmu.edu>
From: David Brownlee <david@mono.org>
List: netbsd-bugs
Date: 07/16/1996 20:27:31
	Anyone care to submit a pr updating the man page to explain
	this? :)

.---- I've been too drunk to love ----.--- I've been too drunk to remember -.
|          Too drunk to care          |     The hell of the night before    |
|  Looked like death, felt like Hell  |    I've been drinking myself blind  |
`------ Been the worse for wear ------'--- And still I'll drink some more --'


On Tue, 16 Jul 1996, Chris G Demetriou wrote:

> > 	hey guys, /usr/sbin/chroot can not possibly work out.
> > if it ever leaves experimental status and goes setuid in a release,
> > here is what will happen:
> > [ ... ]
> 
> Funny, that it exactly an example of _why_ chroot is _not_ setuid, and
> why past calls to have it made setuid have been resisted.
> 
> chroot is intended for use only by root; if you make it setuid it has
> exactly (or something similar to) the vulnerability you describe.
> 
> 
> I'm sure that past discussions have been logged somewhere in the
> mailing list archives...
> 
> 
> cgd
>