Return to BSD News archive
Xref: sserve comp.os.386bsd.bugs:2596 comp.os.386bsd.questions:14436 Newsgroups: comp.os.386bsd.bugs,comp.os.386bsd.questions Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.uwa.edu.au!DIALix!metapro!bernie From: bernie@metapro.DIALix.oz.au (Bernd Felsche) Subject: Re: chroot() in FreeBSD 1.1.5.1 Message-ID: <Cz8xB9.AM2@metapro.DIALix.oz.au> Organization: MetaPro Systems, Perth, Western Australia References: <39vvl6$90m@clavin.uprc.com> <3a06kq$9bs@dagny.galt.com> Date: Mon, 14 Nov 1994 07:11:33 GMT Lines: 17 In <3a06kq$9bs@dagny.galt.com> alex@pc.cc.cmu.edu (alex wetmore) writes: >> Big question: why can't normal users call chroot??? > This call is restricted to the super-user. >I'm not sure why its implemented this way. I thought I would find an >answer in Leffler, et al, but I just checked and it didn't say. The source >code for the system call doesn't say either. It'd be a security hole otherwise... it is possible for users to "escape" from within the chroot environment if they gain sufficient privileges within. Being able to do your own chroot means that you can pre-arrange for those privileges. -- Bernd Felsche, MetaPro Systems Pty Ltd 328 Albany Highway, Victoria Park, Western Australia Phone: +61 9 362 9355 Fax: +61 9 472 3337