[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: breaking up slap_init_user() for better chroot functionality

At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:
>I note that usually setuid() is seen as an alternative to chroot(),

Err, when using chroot(2) as a security mechanism, it is important
to call setuid(2) after calling chroot(2).  This because a process
running as root can easily break out of chroot(2) environment.