Subject: Re: chroot: why super-user only?
To: None <tech-kern@netbsd.org>
From: David Young <dyoung@pobox.com>
List: tech-kern
Date: 01/23/2003 17:46:54
On Thu, Jan 23, 2003 at 03:02:26PM -0800, Greywolf wrote:
> [DY: Put another way, under what conditions is it safe for a non-root user
> [DY: to chroot(2)?
>
> This falls into the same category of "Under what conditions is it safe to
> point a loaded gun at oneself?", really.
No. Under what conditions is it a squirt gun? =)
> You would need to disallow set-id execution (and, arguably, device
> access.) The effects of this are left as an exercise for the
> practitioner.
Device access? Explain, please?
Dave
--
David Young OJC Technologies
dyoung@ojctech.com Engineering from the Right Brain
Urbana, IL * (217) 278-3933