Message-Id:	<199903120526.FAA74280@out5.ibm.net>
From:	"Mark E." <snowball3 AT usa DOT net>
To:	djgpp-workers AT delorie DOT com
Date:	Fri, 12 Mar 1999 00:26:20 -0500
MIME-Version:	1.0
Subject:	Re: chroot patches v4
In-reply-to:	<36E584A5.A2226DF8@cartsys.com>
X-mailer:	Pegasus Mail for Win32 (v3.01d)
Reply-To:	djgpp-workers AT delorie DOT com
X-Mailing-List:	djgpp-workers AT delorie DOT com
X-Unsubscribes-To:	listserv AT delorie DOT com

> A feature missing from `chroot' (unless I miss something) is that on
> Unix, the root is inherited across processes.  That is important since
> `chroot' is often used for security, so that no matter what the luser
> does, they are confined to that directory.
> 

Hi Nate,
Every time chroot is called and the root changed, the environment 
variables ROOT and CHROOT_UNIX are set. Since child programs 
inherit their environment, they will inherit these variables. The startup 
has been modified so those variables are checked for and, if present, 
chroot is called.

But for the chroot changes to be effective for its intended use, all 
children spawned by the parent must also be compiled with the chroot 
code or else the children will have free reign and security is broken. I'll 
update the docs so people will know about this.

Mark

--- 
Mark Elbrecht
snowball3 AT usa DOT net http://members.xoom.com/snowball3/

- Raw text -