From: Alain Magloire Message-Id: <199903121840.NAA25277@mccoy2.ECE.McGill.CA> Subject: Re: chroot patches v4 To: djgpp-workers AT delorie DOT com Date: Fri, 12 Mar 1999 13:40:32 -0500 (EST) In-Reply-To: <36E584A5.A2226DF8@cartsys.com> from "Nate Eldredge" at Mar 9, 99 12:29:25 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Reply-To: djgpp-workers AT delorie DOT com X-Mailing-List: djgpp-workers AT delorie DOT com X-Unsubscribes-To: listserv AT delorie DOT com Precedence: bulk Bonjour [I'm talking as a 3 weeks experience DOS/DJGPP user, so .. ] > Just thought of this. > > A feature missing from `chroot' (unless I miss something) is that on > Unix, the root is inherited across processes. That is important since > `chroot' is often used for security, so that no matter what the luser > does, they are confined to that directory. > > Obviously we can't hope to implement that in general, since it will > require cooperation on the part of the child, which may or may not be > DJGPP-compiled. Also, I'm not sure if it's important, since security on > MS-DOS is impossible anyway. But I just wondered if perhaps the > application using `chroot' here (for what are we implementing this, > anyway? I forget) will expect that. I probably should take some eat for bringing this to djgpp-workers. It was in an effort to bring some kind of support for DJGPP, in GNU inetutils. It was my belief that DOS/Win was a multitask OS, I did not foresee so many restrictions. I often read "security on MS-DOS is impossible", but security has many facets. DOS, I suppose, was not design as an multi-user OS, so general system security is minimalist. But network security can certainly be acheive with some care. If I have a server and to provide some security: restriction of files access by the clients, chroot() is a perfectly valid framework. To be able to imprison a process is sometimes require. From: DJ Delorie Tue, 09 Mar 1999 12:29:25 -0800) Please, someone remind me why djgpp needs chroot. I'm kinda puzzle by this remark. Since there is talk to integrate libsocket in to DJGPP. Libsocket API could bring some sort of IPC and make possible to code a true server. -- au revoir, alain ---- Aussi haut que l'on soit assis, on est toujours assis que sur son cul !!!