Re: breaking up slap_init_user() for better chroot functionality

[Pierangelo Masarati <ando@sys-net.it>]

Kurt D. Zeilenga wrote:

> At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:
>  
>
> > I note that usually setuid() is seen as an alternative to chroot(),
> >    
>
> Err, when using chroot(2) as a security mechanism, it is important
> to call setuid(2) after calling chroot(2).  This because a process
> running as root can easily break out of chroot(2) environment.
>  
Sorry.   I guess that's why I usually just setuid().

Ciao, p.





   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497