Subject: Re: misc/2634: /usr/sbin/chroot is a bogon
To: None <douzzer@mit.edu>
From: Chris G Demetriou <Chris_G_Demetriou@ux2.sp.cs.cmu.edu>
List: netbsd-bugs
Date: 07/16/1996 07:16:45
> 	hey guys, /usr/sbin/chroot can not possibly work out.
> if it ever leaves experimental status and goes setuid in a release,
> here is what will happen:
> [ ... ]

Funny, that it exactly an example of _why_ chroot is _not_ setuid, and
why past calls to have it made setuid have been resisted.

chroot is intended for use only by root; if you make it setuid it has
exactly (or something similar to) the vulnerability you describe.


I'm sure that past discussions have been logged somewhere in the
mailing list archives...


cgd