[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: breaking up slap_init_user() for better chroot functionality

Kurt D. Zeilenga wrote:

At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:

I note that usually setuid() is seen as an alternative to chroot(),

Err, when using chroot(2) as a security mechanism, it is important
to call setuid(2) after calling chroot(2). This because a process
running as root can easily break out of chroot(2) environment.

Sorry.   I guess that's why I usually just setuid().

Ciao, p.

   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497