Xref: utzoo news.admin:4176 news.sysadmin:1817 comp.mail.uucp:2455
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Security of chroot() (was: Dangerous hole in Usenet)
Message-ID: <1988Dec5.173308.1169@utzoo.uucp>
Organization: U of Toronto Zoology
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <155@ecicrl.UUCP> <172@jetson.UPMA.MD.US> <945@dlhpedg.co.uk>
Date: Mon, 5 Dec 88 17:33:08 GMT

In article <945@dlhpedg.co.uk> cl@datlog.co.uk (Charles Lambert) writes:
>Good grief! Do you mean to say that these fundamental programs cannot
>(or simply do not) check where the "real" root is? Is it not possible to
>do so, as it is possible to check the real userid?

It is difficult to do portably. And at some point you've got to trust
something. With chroot limited to the superuser, pathnames are trustworthy
unless you've got incompetent systems programmers. Chroot was never meant
to be something that naive users would do every day.
-- 
SunOSish, adj: requiring  |  Henry Spencer at U of Toronto Zoology
32-bit bug numbers.       |  uunet!attcan!utzoo!henry henry@zoo.toronto.edu