Xref: utzoo news.admin:4099 news.sysadmin:1714 comp.mail.uucp:2378
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Dangerous hole in Usenet!
Message-ID: <1988Nov29.181037.23528@utzoo.uucp>
Organization: U of Toronto Zoology
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP>
Date: Tue, 29 Nov 88 18:10:37 GMT

In article <155@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes:
>Secondly, can someone out there explain why chroot is privileged? ...
>... It seems pretty darn silly that some
>mechanism that can only be used for *reducing* access rights requires
>root permission...

The latter sentence would be reasonable, except that it does not apply
to chroot.  Chroot can expand access rights as well as reducing them,
because it gives absolute control over the file system, and some parts
of the file system are vital to the protection system.  For example,
login assumes that the file it finds when it opens "/etc/passwd" is the
system password file.
-- 
SunOSish, adj:  requiring      | Henry Spencer at U of Toronto Zoology
32-bit bug numbers.            | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
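
Added example, not part of the original post: a small Python model of root-relative path lookup, showing why a program that opens "/etc/passwd" by absolute name depends on who controls the process root. The in-memory file table, the `Process` class, the `/home/guest/jail` path and the marker strings are all constructed for illustration; this is not kernel or login source code.

```python
import posixpath

# Constructed file table: absolute path on the real system -> contents.
FS = {
    "/etc/passwd": "root:SYSTEM-HASH:0:0\nhenry:HENRY-HASH:100:10\n",
    # A tree owned and written by an ordinary user (hypothetical path).
    "/home/guest/jail/etc/passwd": "root:USER-CHOSEN:0:0\n",
}


class Process:
    """Models only the part of a process that matters here: its root directory."""

    def __init__(self, root="/"):
        self.root = root

    def real_path(self, path):
        # Normalise inside the process's own view first, so ".." cannot
        # climb above the process root, then prefix the root itself.
        inside = posixpath.normpath("/" + path.lstrip("/"))
        return posixpath.normpath(self.root.rstrip("/") + inside)

    def chroot(self, new_root):
        # The new root is named relative to the current root.
        self.root = self.real_path(new_root)

    def read(self, path):
        return FS[self.real_path(path)]


def password_field(proc, user):
    """What a login-style program does: open "/etc/passwd" by absolute
    name and trust whatever file that name resolves to."""
    for line in proc.read("/etc/passwd").splitlines():
        name, pw, *_ = line.split(":")
        if name == user:
            return pw
    return None


if __name__ == "__main__":
    normal = Process()
    jailed = Process()
    jailed.chroot("/home/guest/jail")
    for label, proc in (("normal root", normal), ("changed root", jailed)):
        print(label, "->", proc.real_path("/etc/passwd"),
              "->", password_field(proc, "root"))
```

The same string "/etc/passwd" yields two different files; the program doing the lookup cannot tell which one it got, which is the assumption the post says login makes.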