Xref: utzoo news.admin:4099 news.sysadmin:1714 comp.mail.uucp:2378
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Dangerous hole in Usenet!
Message-ID: <1988Nov29.181037.23528@utzoo.uucp>
Organization: U of Toronto Zoology
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP>
Date: Tue, 29 Nov 88 18:10:37 GMT

In article <155@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes:
>Secondly, can someone out there explain why chroot is privileged? ...
>... It seems pretty darn silly that some
>mechanism that can only be used for *reducing* access rights requires
>root permission...

The latter sentence would be reasonable, except that it does not apply
to chroot.  Chroot can expand access rights as well as reducing them,
because it gives absolute control over the file system, and some parts
of the file system are vital to the protection system.  For example,
login assumes that the file it finds when it opens "/etc/passwd" is the
system password file.
-- 
SunOSish, adj:  requiring      |     Henry Spencer at U of Toronto Zoology
32-bit bug numbers.            | uunet!attcan!utzoo!henry henry@zoo.toronto.edu