donn@hp-dcd.UUCP (donn) (08/28/84)
The chroot(2) call, as provided in System III and V already protects from cd .. operations. There's a check in namei that says "if this is the root (as provided by chroot), then .. means . ". Thus if the tree under the new root is *really* a tree (no wierd links), the user can't get out once he's in. There is a gotcha. Chroot(2) doesn't change your current working directory, so as long as you move *relatively* with respect to cwd, you have access to the rest of the filesystem. All absolute path searches start at the new root, so once you have cd'd to an absolute name, your safely tied into the sub-tree. Chroot(1) does the required cd. No comment on other versions of chroot. Donn Terry HP Ft. Collins. Co hplabs!hp-dcd!donn