Xref: utzoo comp.mail.uucp:2379 news.admin:4100 news.sysadmin:1715
Newsgroups: comp.mail.uucp,news.admin,news.sysadmin
Path: utzoo!utgpu!jarvis.csri.toronto.edu!hub.toronto.edu!thomson
From: thomson@hub.toronto.edu (Brian Thomson)
Subject: Re: Dangerous hole in Usenet!
Message-ID: <8811291819.AA26343@beaches.hub.toronto.edu>
Organization: University of Toronto
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP>
Date: Tue, 29 Nov 88 13:19:13 EST

In article <155@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes:

>Secondly, can someone out there explain why chroot is privileged?  Or
>why /etc/chroot isn't setuid?  It seems pretty darn silly that some
>mechanism that can only be used for *reducing* access rights requires
>root permission. 

Some aspects of Unix security depend on the fact that a particular
absolute filename always refers to the same object.  So, if some
privileged program executes /bin/date, or reads /etc/passwd, it knows
that it will be getting the Real Goods, because it specified a full
pathname.  If chroot is allowed, there can be no such assurance. 
-- 
		    Brian Thomson,	    CSRI Univ. of Toronto
		    utcsri!uthub!thomson, thomson@hub.toronto.edu
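
Added example, not part of the original post: a small Python model of pathname lookup with a per-process root, showing the point made above that the same absolute name (/etc/passwd) refers to a different object once the root directory changes. The directory tree, the file contents and the function names resolve, chroot and privileged_read are all constructed for illustration.

```python
# Model of Unix pathname lookup with a per-process root directory.
# Every name, tree and file content here is constructed for illustration.

class File:
    def __init__(self, data):
        self.data = data

class Dir(dict):
    """Directory: maps entry names to File or Dir objects."""

def resolve(root, path):
    """Resolve an absolute path starting from this process's root."""
    if not path.startswith("/"):
        raise ValueError("model handles absolute paths only")
    stack = [root]
    for name in path.split("/"):
        if name in ("", "."):
            continue
        if name == "..":
            if len(stack) > 1:      # ".." at the root stays at the root
                stack.pop()
            continue
        here = stack[-1]
        if not isinstance(here, Dir) or name not in here:
            raise FileNotFoundError(path)
        stack.append(here[name])
    return stack[-1]

def chroot(current_root, path):
    """Return the directory that becomes the new process root."""
    new_root = resolve(current_root, path)
    if not isinstance(new_root, Dir):
        raise NotADirectoryError(path)
    return new_root

def privileged_read(process_root):
    """What a privileged program gets when it opens /etc/passwd."""
    return resolve(process_root, "/etc/passwd").data

SYSTEM_PASSWD = File("system account database")
USER_PASSWD = File("file written by the owner of /home/user")
SYSTEM_ROOT = Dir(
    etc=Dir(passwd=SYSTEM_PASSWD),
    bin=Dir(date=File("system date program")),
    home=Dir(user=Dir(etc=Dir(passwd=USER_PASSWD))),
)

if __name__ == "__main__":
    print(privileged_read(SYSTEM_ROOT))
    print(privileged_read(chroot(SYSTEM_ROOT, "/home/user")))
```

The program's code and the pathname it uses are identical in both calls; only the root it inherited differs, and the full pathname gives it no way to notice.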