Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: notesfiles
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!zehntel!hplabs!hp-pcd!hp-dcd!donn
From: donn@hp-dcd.UUCP (donn)
Newsgroups: net.unix-wizards
Subject: Re: Re: Is the restricted shell really s
Message-ID: <3200009@hp-dcd.UUCP>
Date: Tue, 28-Aug-84 01:24:00 EDT
Article-I.D.: hp-dcd.3200009
Posted: Tue Aug 28 01:24:00 1984
Date-Received: Wed, 8-Aug-84 08:36:00 EDT
References: <210@ncoast.UUCP>
Organization: Hewlett-Packard - Fort Collins, CO
Lines: 18
Nf-ID: #R:ncoast:-21000:hp-dcd:3200009:000:742
Nf-From: hp-dcd!donn Aug 5 21:24:00 1984

The chroot(2) call, as provided in System III and V, already protects
from cd .. operations. There's a check in namei that says "if this is
the root (as provided by chroot), then .. means . ". Thus if the tree
under the new root is *really* a tree (no weird links), the user can't
get out once he's in.

There is a gotcha. Chroot(2) doesn't change your current working
directory, so as long as you move *relatively* with respect to cwd, you
have access to the rest of the filesystem. All absolute path searches
start at the new root, so once you have cd'd to an absolute name, you're
safely tied into the sub-tree. Chroot(1) does the required cd.

No comment on other versions of chroot.

Donn Terry
HP Ft. Collins. Co
hplabs!hp-dcd!donn
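
The behaviour described in the article above, as an added example that is not part of the original post: a toy C model (not System III/V kernel code) of the namei ".." check, showing why the cd that chroot(1) performs matters. The sample tree, the struct names, and the resolve and model_chroot functions are assumptions made for illustration.

```c
/* Toy model of the namei ".." check described above; not kernel code. */
#include <stdio.h>
#include <string.h>

struct dir { const char *name; struct dir *parent; };
struct proc { struct dir *root, *cwd; };
/* Constructed sample tree: /, /etc, /jail, /jail/bin */
static struct dir T_ROOT = { "/", &T_ROOT };
static struct dir T_ETC  = { "etc", &T_ROOT };
static struct dir T_JAIL = { "jail", &T_ROOT };
static struct dir T_BIN  = { "bin", &T_JAIL };
static struct dir *ALL[] = { &T_ROOT, &T_ETC, &T_JAIL, &T_BIN };

/* Look up the entry called name[0..n) inside directory d. */
static struct dir *child(struct dir *d, const char *name, size_t n) {
    for (size_t i = 0; i < sizeof ALL / sizeof ALL[0]; i++)
        if (ALL[i] != d && ALL[i]->parent == d &&
            strlen(ALL[i]->name) == n && !strncmp(ALL[i]->name, name, n))
            return ALL[i];
    return NULL;
}

/* Absolute paths start at p->root, relative ones at p->cwd. */
struct dir *resolve(const struct proc *p, const char *path) {
    struct dir *cur = (*path == '/') ? p->root : p->cwd;
    while (cur && *path) {
        size_t n = strcspn(path, "/");
        if (n == 2 && !strncmp(path, "..", 2)) {
            /* The check: ".." at the process root means ".". */
            if (cur != p->root) cur = cur->parent;
        } else if (n > 0 && !(n == 1 && *path == '.')) {
            cur = child(cur, path, n);
        }
        path += n;
        while (*path == '/') path++;
    }
    return cur;   /* NULL when a component does not exist */
}

/* chroot(2) as described: sets the root, leaves cwd alone. */
void model_chroot(struct proc *p, struct dir *newroot) { p->root = newroot; }

int main(void) {
    struct proc p = { &T_ROOT, &T_ROOT };
    model_chroot(&p, &T_JAIL);      /* cwd is still the old / */
    printf("relative etc: %s\n", resolve(&p, "etc") ? "reachable" : "blocked");
    p.cwd = resolve(&p, "/");       /* the cd that chroot(1) does */
    printf("after cd /:   %s\n", resolve(&p, "../../etc") ? "reachable" : "blocked");
    return 0;
}
```

In the model, the root check only fires when the walk passes through the new root, so a cwd left outside the sub-tree never reaches it; once cwd is set by an absolute path, every ".." walk stops at the new root.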