Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!usc!zaphod.mps.ohio-state.edu!mips!ultra!rmg
From: rmg@ultra.com (Rich Geiger)
Newsgroups: comp.unix.wizards
Subject: Using chroot() (was:) Secure (regular) Scripts
Message-ID: <1989Dec21.164033.14762@ultra.com>
Date: 21 Dec 89 16:40:33 GMT
References: <9100020@m.cs.uiuc.edu> <562@mwtech.UUCP>
Organization: Ultra Network Technologies
Lines: 20

martin@mwtech.UUCP (Martin Weitzel) writes:
>You should *very* strongly consider, to let those unprotected guest
>logins run in a 'chroot'-ed environment.

Seems like a very good precaution!

>It requires a little bit of thinking, which commands should be
>placed into the 'chroot'-ed environment, because clearly the
>"/bin", "/usr/bin" -Directories would no longer be accessible,
>from a new root, say "/usr/guestroot".

Also, in some environments with shared libraries (for example SunOS
4.x), you will need to include a usr/lib directory and the necessary
components (ld.so, libc.so.*) used to bind shared libraries at exec
time.
-- 
 - Rich Geiger
Disclaimer: [please refer to ANSI draft "Standard Disclaimer" Rev 3.12-B/89]
Ultra Network Technologies / 101 Daggett Drive / San Jose CA 95134
rmg@ultra.com  ...!ames!ultra!rmg  (408) 922-0100 [w]  (408) 739-7911 [h]