From owner-freebsd-hackers Sun Nov 15 07:32:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA04239 for freebsd-hackers-outgoing; Sun, 15 Nov 1998 07:32:20 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from bingsun2.cc.binghamton.edu (bingsun2.cc.binghamton.edu [128.226.1.6]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA04234 for ; Sun, 15 Nov 1998 07:32:18 -0800 (PST) (envelope-from bf20761@binghamton.edu) Received: from localhost (bf20761@localhost) by bingsun2.cc.binghamton.edu (8.8.7/8.6.9) with SMTP id KAA06009 for ; Sun, 15 Nov 1998 10:31:48 -0500 (EST) Date: Sun, 15 Nov 1998 10:31:47 -0500 (EST) From: zhihuizhang X-Sender: bf20761@bingsun2 To: hackers Subject: Question on chroot() Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I am quite confused with the usage of chroot(). It is said that chroot() can only be performed by superuser and the chroot()'ed environment is valid only for superuser that calls chroot() and its descendent (I assume that a descendent inherits its parent's UID). However, a root can escape the environment withoud much difficulty. I even find on the Web a page telling you how to break the chroot jail by root. With these in mind, I can not figure out why the chroot() is really useful to set up a ristricted access to a system and how a NORMAL user can be setup to access only the chroot()'ed environment. Any help is appreciated. -------------------------------------------------- | Zhihui Zhang, http://cs.binghamton.edu/~zzhang | | Dept. of Computer Science, SUNY at Binghamton | -------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message