Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!philabs!seismo!hao!hplabs!sri-unix!jfw%mit-ccc@BRL.ARPA From: jfw%mit-ccc@BRL.ARPA Newsgroups: net.unix-wizards Subject: chroot() Message-ID: <2840@sri-arpa.UUCP> Date: Wed, 6-Jul-83 21:41:33 EDT Article-I.D.: sri-arpa.2840 Posted: Wed Jul 6 21:41:33 1983 Date-Received: Mon, 11-Jul-83 00:23:23 EDT Lines: 40 I have just tried your suggestion on MIT-CCC, which is a V7 PDP 11/45. The program is as follows: main() { if (chroot("/usr/jfw") < 0) exit(perror("/usr/jfw")); setuid(getuid()); execl("sh","sh",0); } In my home directory, by the way, is a copy of /bin/sh. This program is SUID root. What happens when I run it is the following: I see a shell which believes that /usr/jfw is the root. I say "ls /" and see my files (there is a copy of ls in /usr/jfw, too). BUT: If I type: cd .. the kernel obligingly looks up the inode which is linked under the name ".." and my shell lands there. Most people call it "/usr". I know not what pwd would call it, but I certainly am no longer restricted to the /usr/jfw heirarchy. I then type "cd .." again and land in the root, which is on another device. As far as 4.1BSD goes: The code for chroot(), chdir(), and chdirec() (the underlying code of both) is character for character the same: ERGO, 4.1 does exactly the same. If you tried it and got the results you claim, then you are running something which isn't standard. If you haven't tried these cases (nor thought about them), then I think you have overlooked something. Summary: REMEMBER that UNIX heirarchy reverse-links are implemented with pointers that turn the directed acyclic graph you think you see into a heavily-cyclic graph. If you want to do this, I suppose that you could remove the ".." pointer in /usr/guests, but a lot of UNIX utilities are going to throw up their hands at that. The only truly secure system is a personal computer locked in a room -- with the power cord unplugged. Undo any of those, and you've got to accept compromises. John Woods, jfw%mit-ccc@Mit-MC