Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: notesfiles
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!zehntel!hplabs!hp-pcd!hp-dcd!donn
From: donn@hp-dcd.UUCP (donn)
Newsgroups: net.unix-wizards
Subject: Re: Re: Is the restricted shell really s
Message-ID: <3200009@hp-dcd.UUCP>
Date: Tue, 28-Aug-84 01:24:00 EDT
Article-I.D.: hp-dcd.3200009
Posted: Tue Aug 28 01:24:00 1984
Date-Received: Wed, 8-Aug-84 08:36:00 EDT
References: <210@ncoast.UUCP>
Organization: Hewlett-Packard - Fort Collins, CO
Lines: 18
Nf-ID: #R:ncoast:-21000:hp-dcd:3200009:000:742
Nf-From: hp-dcd!donn    Aug  5 21:24:00 1984

The chroot(2) call, as provided in System III and V, already protects
from cd .. operations.  There's a check in namei that says "if this is
the root (as provided by chroot), then .. means . ".   Thus if the tree
under the new root is *really* a tree (no weird links), the user can't
get out once he's in.

There is a gotcha.  Chroot(2) doesn't change your current working
directory, so as long as you move *relatively* with respect to cwd,
you have access to the rest of the filesystem.  All absolute path
searches start at the new root, so once you have cd'd to an absolute
name, you're safely tied into the sub-tree.  Chroot(1) does the required
cd.

No comment on other versions of chroot.

Donn Terry
HP  Ft. Collins. Co
hplabs!hp-dcd!donn
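
The sequence the article describes (chroot, then the absolute cd), written out as an added example; it is not part of the original article and is not taken from any chroot(1) source. The names `enter_jail` and `same_dir` are hypothetical, and the final check assumes a POSIX `stat(2)` with `st_dev`/`st_ino`.

```c
#define _DEFAULT_SOURCE          /* exposes chroot(2) in <unistd.h> on glibc */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if both paths name the same directory (same device and inode),
 * 0 if they differ, -1 if either cannot be stat'ed. */
int same_dir(const char *a, const char *b)
{
    struct stat sa, sb;
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0)
        return -1;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Confine the calling process to the tree under dir (hypothetical helper).
 * Needs the privilege chroot(2) requires. 0 on success, -1 on failure. */
int enter_jail(const char *dir)
{
    if (chdir(dir) != 0)        /* step into the tree first */
        return -1;
    if (chroot(".") != 0)       /* new root; this call leaves cwd untouched */
        return -1;
    if (chdir("/") != 0)        /* the absolute cd the article calls "required" */
        return -1;
    /* Post-condition: cwd is the new root, and ".." there means "." */
    if (same_dir(".", "/") != 1 || same_dir("..", "/") != 1) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s directory\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1]) != 0) {
        perror("enter_jail");
        return 1;
    }
    puts("confined: cwd and / are the same directory");
    return 0;
}
```

Without the needed privilege `chroot(2)` fails and `enter_jail` returns -1 before any confinement is claimed.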