Subject: Re: misc/2634: /usr/sbin/chroot is a bogon
To: Chris G Demetriou <Chris_G_Demetriou@ux2.sp.cs.cmu.edu>
From: David Brownlee <david@mono.org>
List: netbsd-bugs
Date: 07/16/1996 20:27:31
Anyone care to submit a pr updating the man page to explain
this? :)
.---- I've been too drunk to love ----.--- I've been too drunk to remember -.
| Too drunk to care | The hell of the night before |
| Looked like death, felt like Hell | I've been drinking myself blind |
`------ Been the worse for wear ------'--- And still I'll drink some more --'
On Tue, 16 Jul 1996, Chris G Demetriou wrote:
> > hey guys, /usr/sbin/chroot can not possibly work out.
> > if it ever leaves experimental status and goes setuid in a release,
> > here is what will happen:
> > [ ... ]
>
> Funny, that it exactly an example of _why_ chroot is _not_ setuid, and
> why past calls to have it made setuid have been resisted.
>
> chroot is intended for use only by root; if you make it setuid it has
> exactly (or something similar to) the vulnerability you describe.
>
>
> I'm sure that past discussions have been logged somewhere in the
> mailing list archives...
>
>
> cgd
>