[Date Prev][Date Next]
Re: breaking up slap_init_user() for better chroot functionality
Kurt D. Zeilenga wrote:
At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:
I note that usually setuid() is seen as an alternative to chroot(),
Err, when using chroot(2) as a security mechanism, it is important
to call setuid(2) after calling chroot(2). This because a process
running as root can easily break out of chroot(2) environment.
Sorry. I guess that's why I usually just setuid().
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497