chroot()
bob%ucla-locus at sri-unix.UUCP
bob%ucla-locus at sri-unix.UUCP
Thu Jul 7 13:12:04 AEST 1983
From: Bob English <bob at ucla-locus>
Actually, the chroot call is not the problem. Chroot works the
same way as chdir, but on a different incore directory. In order
to create a secure sub-tree, you'd have to modify namei so that
it checks for the root directory when ever it follows a path "up"
the tree.
A simpler, but less complete, solution is to make the directory
above the proposed root inaccessible to anyone in the "guest"
category. This has unfortunate side effects (pwd stops working,
users can't exec csh in the directory, etc.), but nothing that
can't be overcome.
I can't perform an experiment (chroot doesn't work to well here),
but I'd like to know what a pwd in /usr/guest yields.
--bob--
More information about the Comp.unix.wizards
mailing list