Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!mcvax!ukc!cstvax!simon
From: simon@cstvax.UUCP (Simon Brown)
Newsgroups: net.sources.bugs
Subject: Re: Chroot (was Re: Beware of Blindly Un-SHARing a File)
Message-ID: <111@cstvax.UUCP>
Date: Fri, 9-May-86 14:47:16 EDT
Article-I.D.: cstvax.111
Posted: Fri May 9 14:47:16 1986
Date-Received: Tue, 13-May-86 01:31:46 EDT
References: <947@kitty.UUCP> <2407@prls.UUCP> <1439@garfield.columbia.edu> <460@aoa.UUCP> <191@brl-sem.ARPA>
Reply-To: simon@cstvax.UUCP (Simon Brown)
Organization: Comp. Sc., Edinburgh Univ., Scotland
Lines: 43

In article <191@brl-sem.ARPA> ron@brl-sem.UUCP writes:
>> I thought that chroot() caused open()s and creat()s and the like to use the
>> new root, but didn't affect the interpretation of root for exec(). Anybody
>> know for certain?
>>
>1. CHROOT is not universal.
>2. At least 4.2 CHROOT works for any access, I'd think it would be
>   more difficult to go and modify nami to do something different when
>   looking up different types of objects.
>3. If you chroot, you must have an entire duplicate system under the
>   new root including /etc/passwd, and all commands that might want
>   to get run.

And Version-7 chroot() is the same - ALL filenames are accessed relative to
the new root.

Actually, you don't need very much stuff to be duplicated, unless you're
doing something complicated...
Setting your path to be
	( ../../../bin ../../../usr/bin ../../../usr/ucb etc... )
goes quite a long way to fixing stuff so normal commands executed from the
shell will still work. Of course /lib and /usr/lib don't exist any more,
which is a bit embarrassing sometimes, like if you want to use the C-compiler,
or lint, or something...
Also, the number of "../"'s you need in the path will depend on where you've
chrooted to.

Of course, under 4.2BSD, you can always set up symbolic links to all the
important directories (/dev, /bin, /usr, /etc, /tmp ...) within the chrooted
directory, so everything looks normal, I suppose...

-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----
Simon Brown                                   ...!mcvax!ukc!cstvax!simon
Dept. of computer science
University of Edinburgh
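
An added example, not part of the original post: a small Python model of path lookup in a chrooted process as current Linux and BSD kernels perform it, where ".." at the new root stays at the root and an absolute symlink target restarts at the new root. The link table, the /jail directory and the function names are constructed for illustration.

```python
import errno

# Constructed symlink table, keyed by the path as seen *inside* the new root.
JAIL_LINKS = {
    "/usr/ucb": "/usr/bin",             # absolute target
    "/home/simon/up": "../../../lib",   # relative target made of ".."
    "/bin": "/bin",                     # a link meant to reach the real /bin
}

def resolve(path, cwd="/", links=JAIL_LINKS, max_links=8):
    """Return the jail-relative path that a chrooted lookup of `path` ends at."""
    cur = [] if path.startswith("/") else [c for c in cwd.split("/") if c]
    pending = path.split("/")
    followed = 0
    while pending:
        comp = pending.pop(0)
        if comp in ("", "."):
            continue
        if comp == "..":
            if cur:                  # at the new root, ".." stays at the root
                cur.pop()
            continue
        target = links.get("/" + "/".join(cur + [comp]))
        if target is None:           # ordinary name: descend into it
            cur.append(comp)
            continue
        followed += 1
        if followed > max_links:     # same outcome as the kernel's ELOOP
            raise OSError(errno.ELOOP, "too many levels of symbolic links", path)
        if target.startswith("/"):   # absolute target restarts at the new root
            cur = []
        pending = target.split("/") + pending
    return "/" + "/".join(cur)

def host_path(jail_root, path, cwd="/"):
    """Where the lookup lands on the host; jail_root is a hypothetical directory."""
    return jail_root.rstrip("/") + resolve(path, cwd)
```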