Xref: utzoo news.sysadmin:1925 comp.unix.wizards:13380
Path: utzoo!attcan!uunet!ccicpg!turnkey!conexch!root
From: root@conexch.UUCP (Larry Dighera)
Newsgroups: news.sysadmin,comp.unix.wizards
Subject: chroot(2)
Summary: You have to be superuser to change the root directory
Keywords: chroot
Message-ID: <16097@conexch.UUCP>
Date: 11 Dec 88 01:08:16 GMT
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP> <1988Nov29.181037.23528@utzoo.uucp> <157@ecicrl.UUCP>
Reply-To: root@conexch.UUCP (Larry Dighera)
Organization: The Consultants' Exchange, Orange County, CA. (714) 842-6348
Lines: 26
Followup-To:

In article <157@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes:
>
>Thanks Henry (and literally dozens of others) for pointing out the problems
>of world-executable chroot. What a dumb question to ask.

[...]

The System V.3 _System_Calls_and_Library_Routines manual states on the
chroot(2) page:

" The effective user ID of the process must be super-user to change the root
directory."

The permission mode of the SysV.3 chroot command file really only applies to
super-users, since the kernel will enforce the above. Were chroot to be
world-executable, the fact remains that your effective ID would still have to
be 0 in order to successfully execute chroot.

If chroot were owned by root, I suppose, setting the SUID bit on the file
would circumvent this safeguard.

Larry Dighera

--
USPS: The Consultants' Exchange, PO Box 12100, Santa Ana, CA 92712
TELE: (714) 842-6348: BBS (N81); (714) 842-5851: Xenix guest account (E71)
UUCP: conexch Any ACU 2400 17148425851 ogin:-""-ogin:-""-ogin: nuucp
UUCP: ...!uunet!turnkey!conexch!root || ...!trwrb!ucla-an!conexch!root
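
The two points in the post above, as an added example that is not part of the original post: an audit check that flags a chroot command file only when it is root-owned and setuid, plus a direct call showing the kernel's own answer to chroot(2). The function names and the default path `/usr/sbin/chroot` are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* expose chroot() in strict glibc modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum chroot_risk {
    RISK_NONE = 0,           /* kernel check on effective UID is intact */
    RISK_SUID_ROOT = 1,      /* setuid root, not executable by "other" */
    RISK_SUID_ROOT_OPEN = 2  /* setuid root and executable by anyone */
};

/* Only a root-owned file with S_ISUID hands its callers effective UID 0. */
enum chroot_risk classify_chroot_file(uid_t owner, mode_t mode)
{
    if (owner != 0 || !(mode & S_ISUID))
        return RISK_NONE;
    return (mode & S_IXOTH) ? RISK_SUID_ROOT_OPEN : RISK_SUID_ROOT;
}

/* stat() a command file and classify it; -1 if it cannot be examined. */
int audit_chroot_path(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (int)classify_chroot_file(st.st_uid, st.st_mode);
}

/* Ask the kernel directly: 0 on success, otherwise errno from chroot(2). */
int try_chroot(const char *dir)
{
    return chroot(dir) == 0 ? 0 : errno;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/sbin/chroot"; /* assumed */
    int err = try_chroot("/");   /* "/" keeps the root unchanged if allowed */

    printf("euid=%ld chroot(\"/\"): %s\n", (long)geteuid(),
           err ? strerror(err) : "permitted");
    printf("%s: risk=%d\n", path, audit_chroot_path(path));
    return 0;
}
```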