From owner-freebsd-security  Mon Sep  9 11:26:28 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id LAA09735
          for security-outgoing; Mon, 9 Sep 1996 11:26:28 -0700 (PDT)
Received: from eel.dataplex.net (eel.dataplex.net [208.2.87.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA09729
          for <security@freebsd.org>; Mon, 9 Sep 1996 11:26:24 -0700 (PDT)
Received: from [208.2.87.4] (cod [208.2.87.4]) by eel.dataplex.net (8.6.11/8.6.9) with SMTP id NAA21972 for <security@freebsd.org>; Mon, 9 Sep 1996 13:26:22 -0500
X-Sender: rkw@shark.dataplex.net
Message-Id: <v02140b0bae5a10f1521b@[208.2.87.4]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 9 Sep 1996 13:26:21 -0500
To: security@freebsd.org
From: rkw@dataplex.net (Richard Wackerbarth)
Subject: Question about chroot
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In looking at some of the "make" problems, I ran up against a
characteristic of "chroot" that puzzles me.

In order to chroot, you must be root. Why?

It appears to me than the only thing that chroot does is to restrict the
"visable" tree. It does not ADD anything that is not already there.

If that is the case, why wouldn't it be good enough for chroot to be suid
root and allow any user to execute it?

Am I overlooking some security hole?