From owner-freebsd-hackers Sun Nov 15 09:57:55 1998
Message-Id: <199811151756.JAA13251@dingo.cdrom.com>
To: zhihuizhang
cc: hackers
Subject: Re: Question on chroot()
In-reply-to: Your message of "Sun, 15 Nov 1998 10:31:47 EST."
Date: Sun, 15 Nov 1998 09:56:32 -0800
From: Mike Smith
Sender: owner-freebsd-hackers@FreeBSD.ORG

> I am quite confused with the usage of chroot().  It is said that chroot()
> can only be performed by superuser and the chroot()'ed environment is
> valid only for superuser that calls chroot() and its descendent (I assume
> that a descendent inherits its parent's UID).
>
> However, a root can escape the environment without much difficulty.  I
> even find on the Web a page telling you how to break the chroot jail by
> root.
>
> With these in mind, I can not figure out why the chroot() is really useful
> to set up a restricted access to a system and how a NORMAL user can be
> setup to access only the chroot()'ed environment.

Breaking out of a chroot'ed environment is less easy if you're not root,
so when it's used for security purposes, the chroot() call is made as
root as part of the login process, and then root privileges are
surrendered.
See how login() arranges for the login shell to run as the user, while
itself running as root to access the password database.

However, chroot() is more useful as a functional tool, allowing you to
perform tasks that expect to operate on a system-wide scope without
having them actually change your system.  E.g. we use chroot to provide
an environment for building the FreeBSD package collection, where
packages must be installed and removed on a frequent basis, without
actually affecting the package set installed on the host system.

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com