Chroot (was Re: Beware of Blindly Un-SHARing a File)
Mark Rosenthal
mbr at aoa.UUCP
Wed Apr 23 06:01:42 AEST 1986
As part of a solution to the Trojan Horse shar file problem, I suggested:
>> Another idea. Don't just run it in an empty subdirectory. Chroot to that
>> subdirectory.
In article <1451 at homxb.UUCP> os848 at homxb.UUCP (M.AJEMIAN) responds:
>chroot will require that all programs that the shar uses be accessible, meaning
>you'll have to create a bin directory in the area where you want to create
>incoming files and link in cat, mkdir, sed, the shell, etc. Also, note that
>not all UNIX ports either have chroot() or implement it properly. I'm not sure,
>but someone tells me that the old Zilog Zeus ports of Sys III allow you to use
>../../anything to get out of the new root directory. Anyone know if this is
>true or not?
>
>Pat Wood
>Pipeline Associates, Inc.
>{ihnp4, attunix} !whuxn!phw5!phw
I thought that chroot() caused open()s and creat()s and the like to use the
new root, but didn't affect the interpretation of root for exec(). Anybody
know for certain?
Also, does anybody know if there are brain-damaged implementations of chroot()
out there?
I have added net.unix-wizards to the newsgroup list for this article. If you
post a non-technical followup, please remove net.unix-wizards from the list.
--
Mark of the Valley of Roses
...!{decvax,linus,ima,ihnp4}!bbncca!aoa!mbr
...!{wjh12,mit-vax}!biomed!aoa!mbr
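Added example, not part of the original post or of any poster's code: a C wrapper for the chroot approach discussed above, which enters the new root, checks that "/.." does not lead out of it (the failure rumoured in the quoted reply), drops root, and then execs a program that must already exist inside the jail. The function names `dotdot_is_contained` and `enter_jail` are hypothetical, the uid/gid 65534 is an assumed unprivileged account, and a modern POSIX system with chroot(2) is assumed.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if dir and dir/.. are the same inode (".." cannot climb above dir),
 * 0 if they differ, -1 on error. For the process root it must be 1. */
int dotdot_is_contained(const char *dir)
{
    char up[4096];
    struct stat a, b;
    int n = snprintf(up, sizeof up, "%s/..", dir);
    if (n < 0 || n >= (int)sizeof up)
        return -1;
    if (stat(dir, &a) != 0 || stat(up, &b) != 0)
        return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Confine the calling process to jail, then give up root. 0 on success. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (chdir(jail) != 0)                 /* be inside before changing root */
        return -1;
    if (chroot(".") != 0 || chdir("/") != 0)   /* chroot requires root */
        return -1;
    if (dotdot_is_contained("/") != 1)    /* refuse a chroot that "/.." escapes */
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;                        /* a process left as root can undo chroot */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s jail-dir program-path-inside-jail\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1], 65534, 65534) != 0) {   /* 65534: assumed "nobody" */
        perror("enter_jail");
        return 1;
    }
    /* exec paths resolve under the new root, so the program must exist in the jail. */
    execl(argv[2], argv[2], (char *)NULL);
    perror("execl");
    return 127;
}
```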