Subject: Re: chroot(2)
To: None <mouse@Rodents.Montreal.QC.CA>
From: John Kohl <jtk@kolvir.arlington.ma.us>
List: tech-kern
Date: 10/05/1998 12:59:35
>>>>> "dM" == der Mouse <mouse@Rodents.Montreal.QC.CA> writes:


dM> chroot(8)'s spec is that it chroot(2)s (and chdir()s) and then execs.
dM> Since exec fundamentally depends on pathnames, and pathname
dM> interpretation has been changed (that's the whole point!), the
dM> executable must perforce be in the new root.

I was thinking about related issues earlier.  For orthogonality, it
might be convenient to have an "fexec" syscall that gets the text vnode
from a file descriptor-reference.

For instance, this would allow "passing dinner" (an executable not
present in the jail) to a prisoner in a chroot jail, via a file
descriptor passing "jail-keeper" process.

-- 
==John Kohl <jtk@kolvir.arlington.ma.us>, <john_kohl@alum.mit.edu>
Write a poem, share your heart!
Home page: <URL:http://people.ne.mediaone.net/jtk/>
Note new home zip code as of July 1, 1998: 02476
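
The "fexec" idea in the message above corresponds to what POSIX.1-2008 later standardized as fexecve(3). The sketch below is an added example, not code from the original post: a keeper process opens an executable and passes the descriptor over a Unix socket with SCM_RIGHTS, and the receiving process executes it without ever resolving a pathname. The names `pass_dinner`, `send_fd` and `recv_fd` are hypothetical, and the chroot(2) call is left out because it requires root.

```c
/* Added example: a "jail-keeper" passes an open executable to a "prisoner"
 * over a Unix socket (SCM_RIGHTS); the prisoner runs it with fexecve(3). */
#define _GNU_SOURCE
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;

/* Common msghdr setup: one data byte plus room for one descriptor. */
static void prep(struct msghdr *m, struct iovec *iov, ctl_t *u) {
    memset(m, 0, sizeof *m); memset(u, 0, sizeof *u);
    m->msg_iov = iov; m->msg_iovlen = 1;
    m->msg_control = u->buf; m->msg_controllen = sizeof u->buf;
}
static int send_fd(int sock, int fd) {
    char byte = 'x'; struct iovec iov = { &byte, 1 };
    ctl_t u; struct msghdr m; prep(&m, &iov, &u);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}
static int recv_fd(int sock) {
    char byte; struct iovec iov = { &byte, 1 };
    ctl_t u; struct msghdr m; int fd; prep(&m, &iov, &u);
    if (recvmsg(sock, &m, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Returns the exit status of the program the prisoner ran (127 if none ran). */
int pass_dinner(const char *path, char *const argv[]) {
    int sv[2], status, fd; char *const envp[] = { NULL };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {          /* prisoner: would chroot() here; opens no pathname */
        close(sv[0]);
        if ((fd = recv_fd(sv[1])) >= 0) fexecve(fd, argv, envp);
        _exit(127);
    }
    close(sv[1]);            /* keeper: resolves the pathname outside the jail */
    if ((fd = open(path, O_RDONLY)) >= 0) { send_fd(sv[0], fd); close(fd); }
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

In a real jail the passed binary should be statically linked, since the kernel resolves a dynamic ELF's interpreter path against the prisoner's root.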