Message-Id: <199903120526.FAA74280@out5.ibm.net>
From: "Mark E."
To: djgpp-workers AT delorie DOT com
Date: Fri, 12 Mar 1999 00:26:20 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: chroot patches v4
In-reply-to: <36E584A5.A2226DF8@cartsys.com>
X-mailer: Pegasus Mail for Win32 (v3.01d)
Reply-To: djgpp-workers AT delorie DOT com
X-Mailing-List: djgpp-workers AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk

> A feature missing from `chroot' (unless I miss something) is that on
> Unix, the root is inherited across processes. That is important since
> `chroot' is often used for security, so that no matter what the luser
> does, they are confined to that directory.
>

Hi Nate,

Every time chroot is called and the root changed, the environment
variables ROOT and CHROOT_UNIX are set. Since child programs inherit
their environment, they will inherit these variables. The startup has
been modified so those variables are checked for and, if present, chroot
is called.

But for the chroot changes to be effective for its intended use, all
children spawned by the parent must also be compiled with the chroot
code or else the children will have free rein and security is broken.
I'll update the docs so people will know about this.

Mark

---
Mark Elbrecht
snowball3 AT usa DOT net
http://members.xoom.com/snowball3/
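
Added example, not part of the original message and not DJGPP's code: a small C model of the inheritance scheme described above, where the root travels in the ROOT environment variable and is honoured only by programs whose startup code looks for it. The `emu_*` and `*_path` names, the `/jail` value, the assumption that ROOT holds the directory path, and the refusal of `..` components are constructed for illustration; CHROOT_UNIX is not modelled.

```c
/* Constructed model; emu_* and *_path are hypothetical names, not DJGPP's API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char emu_root[256];      /* "" means no emulated root is in effect */

/* Stand-in for the library chroot: remember the root and export it in ROOT. */
int emu_chroot(const char *dir)
{
    if (strlen(dir) >= sizeof emu_root) return -1;
    strcpy(emu_root, dir);
    return setenv("ROOT", dir, 1);  /* children inherit the environment */
}

/* Stand-in for the modified startup code: returns 1 if ROOT was applied. */
int emu_startup(void)
{
    const char *r = getenv("ROOT");
    emu_root[0] = '\0';
    if (r == NULL || *r == '\0' || strlen(r) >= sizeof emu_root) return 0;
    strcpy(emu_root, r);
    return 1;
}

/* Program built WITH the chroot code: absolute paths are re-based on the
   emulated root, and ".." components are refused (assumed policy). */
const char *aware_path(const char *path, char *out, size_t n)
{
    if (path[0] != '/') return NULL;
    for (const char *s = strstr(path, "/.."); s; s = strstr(s + 1, "/.."))
        if (s[3] == '/' || s[3] == '\0') return NULL;
    snprintf(out, n, "%s%s", emu_root, path);
    return out;
}

/* Program built WITHOUT it: ROOT is in the environment but nothing reads it. */
const char *unaware_path(const char *path, char *out, size_t n)
{
    snprintf(out, n, "%s", path);
    return out;
}

int main(void)
{
    char a[512], b[512];
    emu_chroot("/jail");                /* parent changes root (constructed) */
    emu_root[0] = '\0'; emu_startup();  /* fresh child: only the env survives */
    printf("aware child:   %s\n", aware_path("/etc/passwd", a, sizeof a));
    printf("unaware child: %s\n", unaware_path("/etc/passwd", b, sizeof b));
    return 0;
}
```

The two children receive the same environment; only the one that runs the startup check resolves `/etc/passwd` under the new root, which is why the confinement holds only when every spawned program is built with the chroot code.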