On Fri, 17 Jan 2003, Steven M. Bellovin wrote:

: >I think that's a good idea, but I'd rather we not blanket disable
: >setuid/setgid bits if root does the chroot. In addition to running
: >servers, chroot is good for emulating old versions of the OS. For
: >instance, I think a number of folks who run -current compile packages for
: >-release in a chroot. It would be nice to have normal setuid/setgid
: >semantics there.
:
: Hmm -- I thought the new toolchain was the way to handle that.

Not if you want to build pkgsrc, and that still is no reason for disabling
set[ug]id by default in a *standard* chroot(2).

Perhaps a differently named call, though....

-- 
-- Todd Vierling <tv@pobox.com>