Security - suggested hack using chroot
guy at rlgvax.UUCP
Mon Jul 11 05:12:18 AEST 1983
There is a bug fix to make "chroot" secure under V7 (under vanilla V7,
even if you set a process's root directory to "/usr/guest", "/.." refers to
"/usr", and thus you can't use "chroot" to box a user into a restricted
environment); the same fix was made in 4.1BSD and System III and later USG
UNIX releases. The fix follows, along with another fix to forbid creating
files in a directory with a zero link count. This latter fix prevents the
creation of "orphan" files with the sequence:

    mkdir foo
    cd foo
    rmdir ../foo
    >orphan

These are the 4.1BSD fixes; the System III fix to the second problem puts
the test on the line that reads:

    if((dp->i_mode&IFMT) != IFDIR)

and changes it to:

    if((dp->i_mode&IFMT) != IFDIR || dp->i_nlink==0)

which catches the problem slightly earlier (skipping the search of the directory
entirely) and returns the error ENOTDIR instead of ENOENT.
*** nami.c.orig Sun Jul 10 15:01:57 1983
--- nami.c Sun Jul 10 15:03:16 1983
***************
*** 99,104
u.u_segflg = 1;
eo = 0;
bp = NULL;
eloop:
--- 99,107 -----
u.u_segflg = 1;
eo = 0;
bp = NULL;
+ if (dp == u.u_rdir && u.u_dbuf[0] == '.' &&
+ u.u_dbuf[1] == '.' && u.u_dbuf[2] == 0)
+ goto cloop;
eloop:
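Review bot: the test added ahead of eloop needs a comment, because nothing in "dp == u.u_rdir" plus the three-byte comparison on u.u_dbuf says that this is what stops ".." in the process's root directory from climbing above it. The jump target cloop is outside the context shown, so confirm that reaching it from here continues the lookup with dp unchanged and does not rely on state that the eloop search would have set; bp is still NULL at this point, so there is no buffer to release on this path.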
***************
*** 111,117
if(u.u_offset >= dp->i_size) {
if(bp != NULL)
brelse(bp);
! if(flag==1 && c=='\0') {
if(access(dp, IWRITE))
goto out;
u.u_pdir = dp;
--- 114,120 -----
if(u.u_offset >= dp->i_size) {
if(bp != NULL)
brelse(bp);
! if(flag==1 && c=='\0' && dp->i_nlink) {
if(access(dp, IWRITE))
goto out;
u.u_pdir = dp;
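Review bot: in the changed condition, "dp->i_nlink" is tested for truth while its neighbours use explicit comparisons ("flag==1", "c=='\0'"); write "dp->i_nlink != 0" and add a comment that a directory with no links has already been removed and must not receive new entries. With a zero link count the create branch is now skipped, so the error returned comes from code after this "if" that is not in the hunk; the accompanying message says it is ENOENT, and a comment recording that next to the test would save the next reader the search.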
Guy Harris
{seismo,mcnc,we13,brl-bmd,allegra
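
The effect of the first fix, as an added example that is not part of the original post or of any kernel source: a user-space C model of component-by-component lookup in which `rdir` stands in for `u.u_rdir`. The `node` tree, `child` and `lookup` are hypothetical names and the directory layout is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy tree (not kernel code): each node has a name and a parent. */
struct node { const char *name; struct node *parent; };
static struct node root  = { "/",     &root  };
static struct node usr   = { "usr",   &root  };
static struct node guest = { "guest", &usr   };
static struct node tmp   = { "tmp",   &guest };
static struct node *all[] = { &root, &usr, &guest, &tmp };

/* Return the child of dp called name, or NULL if there is none. */
static struct node *child(struct node *dp, const char *name)
{
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        if (all[i] != dp && all[i]->parent == dp &&
            strcmp(all[i]->name, name) == 0)
            return all[i];
    return NULL;
}

/*
 * Walk path one component at a time. rdir stands in for u.u_rdir and cdir
 * for the current directory. With fixed == 0, ".." always follows the parent
 * link (vanilla V7 behaviour as described in the post); with fixed != 0,
 * ".." looked up in rdir itself stays in rdir, which is the added check.
 */
struct node *lookup(struct node *rdir, struct node *cdir,
                    const char *path, int fixed)
{
    char buf[256], *comp;
    struct node *dp = (path[0] == '/') ? rdir : cdir;

    if (strlen(path) >= sizeof buf) return NULL;
    strcpy(buf, path);
    for (comp = strtok(buf, "/"); comp && dp; comp = strtok(NULL, "/")) {
        if (strcmp(comp, ".") == 0 ||
            (fixed && dp == rdir && strcmp(comp, "..") == 0))
            continue;                       /* stay in the same directory */
        dp = strcmp(comp, "..") == 0 ? dp->parent : child(dp, comp);
    }
    return dp;
}

int main(void)
{
    printf("vanilla: /.. -> %s\n", lookup(&guest, &guest, "/..", 0)->name);
    printf("fixed:   /.. -> %s\n", lookup(&guest, &guest, "/..", 1)->name);
    return 0;
}
```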