cl@datlog.co.uk (Charles Lambert) (12/02/88)
In article <172@jetson.UPMA.MD.US> john@jetson.UPMA.MD.US (John Owens) writes: >In other words, chroot allows you to fool privileged programs that >rely on files with particular pathnames (/etc/passwd, /etc/group, >/etc/hosts.equiv, /usr/lib/sendmail.cf, /usr/lib/aliases, etc.). Good grief! Do you mean to say that these fundamental programs cannot (or simply do not) check where the "real" root is? Is it not possible to do so, as it is possible to check the real userid? Charlie
henry@utzoo.uucp (Henry Spencer) (12/06/88)
In article <945@dlhpedg.co.uk> cl@datlog.co.uk (Charles Lambert) writes: >Good grief! Do you mean to say that these fundamental programs cannot >(or simply do not) check where the "real" root is? Is it not possible to >do so, as it is possible to check the real userid? It is difficult to do portably. And at some point you've got to trust something. With chroot limited to the superuser, pathnames are trustworthy unless you've got incompetent systems programmers. Chroot was never meant to be something that naive users would do every day. -- SunOSish, adj: requiring | Henry Spencer at U of Toronto Zoology 32-bit bug numbers. | uunet!attcan!utzoo!henry henry@zoo.toronto.edu