Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!philabs!seismo!hao!hplabs!sri-unix!MCLINDEN@RUTGERS.ARPA From: MCLINDEN@RUTGERS.ARPA Newsgroups: net.unix-wizards Subject: Re: Security - suggested hack using chroot Message-ID: <2829@sri-arpa.UUCP> Date: Wed, 6-Jul-83 20:47:23 EDT Article-I.D.: sri-arpa.2829 Posted: Wed Jul 6 20:47:23 1983 Date-Received: Mon, 11-Jul-83 00:13:37 EDT Lines: 23 From: Sean McLindenAndy: I don't know about version 7 Unix, but the situation I suggested has little to do with what is linked to what. The simple fact is that if you chroot to "/usr/guest" for example, then "/" is equivalent to "/usr/guest", there is NO "/usr", or rather, if there is a "/usr" it would (in reality), be "/usr/guest/usr". The prefixing slash in any pathname is, in fact, an abbreviation for the root directory (whatever it happens to be). Insofar as any program you might want to write goes, you can't backup over that link, even if it does exist. I suggest you retry the problem only this time make sure it does a setuid "root" (it obviously won't work, otherwise). By the way, this isn't just speculation. I've done it. The bubble is in your court. Sean -------