Xref: utzoo comp.mail.uucp:2379 news.admin:4100 news.sysadmin:1715
Newsgroups: comp.mail.uucp,news.admin,news.sysadmin
Path: utzoo!utgpu!jarvis.csri.toronto.edu!hub.toronto.edu!thomson
From: thomson@hub.toronto.edu (Brian Thomson)
Subject: Re: Dangerous hole in Usenet!
Message-ID: <8811291819.AA26343@beaches.hub.toronto.edu>
Organization: University of Toronto
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP>
Date: Tue, 29 Nov 88 13:19:13 EST

In article <155@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes:
>Secondly, can someone out there explain why chroot is privileged? Or
>why /etc/chroot isn't setuid? It seems pretty darn silly that some
>mechanism that can only be used for *reducing* access rights requires
>root permission.

Some aspects of Unix security depend on the fact that a particular
absolute filename always refers to the same object. So, if some
privileged program executes /bin/date, or reads /etc/passwd, it knows
that it will be getting the Real Goods, because it specified a full
pathname. If chroot is allowed, there can be no such assurance.
-- 
Brian Thomson, CSRI Univ. of Toronto
utcsri!uthub!thomson, thomson@hub.toronto.edu
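
The reasoning in the post above, as an added example that is not part of the original article: a toy in-memory model of pathname lookup with a per-process root, showing that one absolute name refers to different objects once the root directory can be changed. The tree, the file contents and all function names are constructed for illustration.

```python
# Toy model of Unix pathname lookup with a per-process root directory.
# Constructed data throughout; no real files are touched.

class Dir(dict):
    """A directory: maps entry names to Dir or File objects."""

class File:
    def __init__(self, data):
        self.data = data

def resolve(root, path):
    """Resolve an absolute path the way lookup does after chroot():
    start at the process root, and never let '..' climb above it."""
    if not path.startswith("/"):
        raise ValueError("model handles absolute paths only")
    stack = [root]                      # stack[0] is the process root
    for name in path.split("/"):
        if name in ("", "."):
            continue
        if name == "..":
            if len(stack) > 1:          # '..' at the root stays at the root
                stack.pop()
            continue
        cur = stack[-1]
        if not isinstance(cur, Dir) or name not in cur:
            raise FileNotFoundError(path)
        stack.append(cur[name])
    return stack[-1]

def build_system():
    """Constructed sample tree: the system's /etc/passwd plus a
    user-owned directory that contains its own etc/passwd."""
    real_passwd = File("root:x:0:0::/:/bin/sh\n")
    user_passwd = File("constructed user-written contents\n")
    user_tree = Dir(etc=Dir(passwd=user_passwd))
    system_root = Dir(etc=Dir(passwd=real_passwd),
                      home=Dir(user=Dir(tree=user_tree)))
    return system_root, user_tree, real_passwd, user_passwd

def same_object_under_both_roots(path="/etc/passwd"):
    """True only if the absolute name is one object under both roots."""
    system_root, user_tree, _, _ = build_system()
    return resolve(system_root, path) is resolve(user_tree, path)
```

A program that trusts "/etc/passwd" because it is a full pathname gets the system file only while its root is the system root, which is why the model's two lookups disagree.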