
Re: slapd -r (chroot) documentation (Was: breaking up slap_init_user() for better chroot functionality)



I committed a few changes in this area.  If not sufficient,
feel free to offer specific suggestions.

Kurt

At 03:52 PM 10/12/2004, Hallvard B Furuseth wrote:
>Kurt D. Zeilenga writes:
>>At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:
>>>I note that usually setuid() is seen as an alternative to chroot(),
>> 
>> Err, when using chroot(2) as a security mechanism, it is important
>> to call setuid(2) after calling chroot(2).  This is because a process
>> running as root can easily break out of a chroot(2) environment.
>
>I did not know that.  It's not mentioned in my system manpages, either.
>Please add that warning where this option is described in the slapd
>manpage and the admin guide.
>
>-- 
>Hallvard
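
The ordering discussed in this thread (chroot(2) first, then setuid(2)), as an added example that is not part of the original messages and is not slapd's own code. The helper name `enter_jail`, the `jail_result` codes and the command-line arguments are assumptions made for illustration; it also drops supplementary groups and verifies that root cannot be regained.

```c
/* Added example: chroot(2) followed by an irreversible drop of root. */
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_result {
    JAIL_OK = 0,
    JAIL_ERR_BADID = -1,   /* target uid or gid is 0: refuse to "drop" to root */
    JAIL_ERR_CHROOT = -2,  /* chroot() or chdir() failed */
    JAIL_ERR_DROP = -3,    /* setgroups(), setgid() or setuid() failed */
    JAIL_ERR_VERIFY = -4   /* root could still be regained after the drop */
};

/* Hypothetical helper. On any error the caller should exit, not continue. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return JAIL_ERR_BADID;

    /* 1. Confine the filesystem view, then move the working directory inside it. */
    if (chroot(dir) != 0 || chdir("/") != 0)
        return JAIL_ERR_CHROOT;

    /* 2. Drop groups before the uid: after setuid() this is no longer permitted. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;

    /* 3. Verify the drop is permanent: every attempt to get root back must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 ||
        getuid() != uid || geteuid() != uid || getgid() != gid)
        return JAIL_ERR_VERIFY;

    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    int rc = enter_jail(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                        (gid_t)strtoul(argv[3], NULL, 10));
    printf("enter_jail: %d\n", rc);
    return rc == JAIL_OK ? 0 : 1;
}
```

Any files the process needs as root (privileged ports, key material) have to be opened before `enter_jail()` is called, since neither root nor the outside filesystem is available afterwards.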