delorie.com/archives/browse.cgi   search  
Mail Archives: djgpp-workers/1999/03/12/13:40:44

From: Alain Magloire <alainm AT rcsm DOT ece DOT mcgill DOT ca>
Message-Id: <199903121840.NAA25277@mccoy2.ECE.McGill.CA>
Subject: Re: chroot patches v4
To: djgpp-workers AT delorie DOT com
Date: Fri, 12 Mar 1999 13:40:32 -0500 (EST)
In-Reply-To: <36E584A5.A2226DF8@cartsys.com> from "Nate Eldredge" at Mar 9, 99 12:29:25 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Reply-To: djgpp-workers AT delorie DOT com
X-Mailing-List: djgpp-workers AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com

Bonjour

[I'm talking as a 3 weeks experience DOS/DJGPP user, so .. ]

> Just thought of this.
> 
> A feature missing from `chroot' (unless I miss something) is that on
> Unix, the root is inherited across processes.  That is important since
> `chroot' is often used for security, so that no matter what the luser
> does, they are confined to that directory.
> 
> Obviously we can't hope to implement that in general, since it will
> require cooperation on the part of the child, which may or may not be
> DJGPP-compiled.  Also, I'm not sure if it's important, since security on
> MS-DOS is impossible anyway.  But I just wondered if perhaps the
> application using `chroot' here (for what are we implementing this,
> anyway?  I forget) will expect that.

I probably should take some eat for bringing this to djgpp-workers.
It was in an effort to bring some kind of support for DJGPP, in
GNU inetutils.  It was my belief that DOS/Win was a multitask OS,
I did not foresee so many restrictions.

I often read "security on MS-DOS is impossible", but security
has many facets. DOS, I suppose, was not design as an multi-user
OS, so general system security is minimalist.  But network security can
certainly be acheive with some care.

If I have a server and to provide some security: restriction of files
access by the clients, chroot() is a perfectly valid framework.
To be able to imprison a process is sometimes require.

	From: DJ Delorie <dj AT delorie DOT com>
	Tue, 09 Mar 1999 12:29:25 -0800)
	Please, someone remind me why djgpp needs chroot.

I'm kinda puzzle by this remark. Since there is talk to integrate
libsocket in to DJGPP. Libsocket API could bring some sort of IPC
and make possible to code a true server.


-- 
au revoir, alain
----
Aussi haut que l'on soit assis, on est toujours assis que sur son cul !!!

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019