[Date Prev][Date Next]
slapd -r (chroot) documentation (Was: breaking up slap_init_user() for better chroot functionality)
Kurt D. Zeilenga writes:
>At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:
>>I note that usually setuid() is seen as an alternative to chroot(),
> Err, when using chroot(2) as a security mechanism, it is important
> to call setuid(2) after calling chroot(2). This because a process
> running as root can easily break out of chroot(2) environment.
I did not know that. It's not mentioned in my system manpages, either.
Please add that warning where this option is described in the slapd
manpage and the admin guide.