Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 7/7/83; site rlgvax.UUCP
Path: utzoo!linus!philabs!seismo!rlgvax!guy
From: guy@rlgvax.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Security
Message-ID: <807@rlgvax.UUCP>
Date: Sun, 10-Jul-83 15:00:23 EDT
Article-I.D.: rlgvax.807
Posted: Sun Jul 10 15:00:23 1983
Date-Received: Mon, 11-Jul-83 10:35:38 EDT
References: <2825@sri-arpa.UUCP>
Organization: CCI Office Systems Group, Reston, VA
Lines: 26

1) Anybody out there know *why* the 4.1BSD manuals don't document "chroot"?
The V7 manual does, and the System III and System V manuals do.

2) On a vanilla V7 system "chroot" is *not* secure.  You can reference above
your fake root with "..".  This bug has been fixed in 4.1BSD and in System III
and later USG releases.  In fact, there is an undocumented feature of the
System III "login"; if the user's login shell begins with "*" (or is "*"),
"login" changes the root to the home directory specified in the password file,
prints "Subsystem root: ", and attempts to run "/etc/login"
and, if that fails, "/bin/login" from the new root.  The System V login does
all this (which implies it wasn't just a hack) and also sticks the string
 in the environment (that's right, a string in the environment with
no "=" in it!).  My interpretation of this is that you put an entry for the
*subsystem*, not for the *user*, in the password file (i.e., if you had a
subsystem called "anonymous", you would have:

anonymous:::::/anonymous:*

in the password file).  Then you would put the password file for the anonymous
user subsystem in "/anonymous/etc/passwd", and either a copy of/link to
"/etc/login" or a special login program in "/anonymous/etc/login".  Is this
how it is intended to be used?  And why is it not documented in the System III
or System V documentation?

	Guy Harris
	{seismo,mcnc,we13,brl-bmd,allegra}!rlgvax!guy
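
Added example, not part of the original post and not taken from any System III or System V source: a C routine that splits a password-file line into its seven fields, keeping the empty ones (strtok() would collapse them), and reports whether the entry is a subsystem entry as described above, i.e. the shell field is "*" or begins with "*". The names pw_entry, pw_parse and pw_subsystem_root are assumptions made for illustration, and the second sample line is constructed.

```c
#include <stdio.h>
#include <string.h>

#define PW_FIELDS 7  /* name:passwd:uid:gid:gecos:home:shell */

struct pw_entry {
    char buf[256];           /* private copy of the line, split in place */
    char *field[PW_FIELDS];  /* pointers into buf; an empty field is "" */
};

/* Split on ':' keeping empty fields. Returns 0, or -1 if the line is too
 * long or does not have exactly seven fields. */
int pw_parse(const char *line, struct pw_entry *e)
{
    size_t len = strcspn(line, "\n");
    int n = 0;
    char *p = e->buf;
    if (len >= sizeof e->buf)
        return -1;
    memcpy(e->buf, line, len);
    e->buf[len] = '\0';
    while (n < PW_FIELDS) {
        e->field[n++] = p;
        if ((p = strchr(p, ':')) == NULL)
            return n == PW_FIELDS ? 0 : -1;
        *p++ = '\0';
    }
    return -1;  /* an eighth field follows */
}

/* Shell is "*" or begins with "*": return the home field, which is the
 * directory login would make the new root; otherwise NULL. */
const char *pw_subsystem_root(const struct pw_entry *e)
{
    return e->field[6][0] == '*' ? e->field[5] : NULL;
}

int main(void)
{
    /* Constructed input; the first line is the entry shown in the post. */
    const char *sample[] = { "anonymous:::::/anonymous:*",
                             "alice:x:100:10::/usr/alice:/bin/sh" };
    struct pw_entry e;
    for (int i = 0; i < 2; i++)
        if (pw_parse(sample[i], &e) == 0 && pw_subsystem_root(&e))
            printf("%s: subsystem root %s, password field %s\n", e.field[0],
                   pw_subsystem_root(&e), e.field[1][0] ? "set" : "EMPTY");
    return 0;
}
```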