Andy Polyakov, on August 25, 2000, wrote:
  : >   : > We thought about this long and hard. Problem is that subsystems are
  : >   : > executed with users' privileges, and chroot() doesn't fit that bill
  : >   : > too well.
  : >   :
  : >   : How about the following:
  : > [patch deleted]
  : > 
  : > It is worth some thought. I'll discuss this with my co-workers.  It
  : > would be nice if Solaris and AIX admins could use chrooting as easily
  : > as in Linux.
  : 
  : I don't understand the latter... I've written and checked what I've
  : posted under Solaris. It should also be noted that Solaris has
  : fchroot(2). Intended usage is to fd=open("/"), chroot("/else/where"), do
  : something there, fchroot(fd). Can't do on Linux... Or do you mean
  : support for statically linked applications?

Kinda. Because with the current style we do chrooting (static
binaries, chroot() done in sshd2) Solaris and AIX admins have a hard
time installing chrooting (they have to copy the libc, at least, and
a bunch of other stuff). This patch of yours, if it proves to work on
other platforms, and survives the scrutiny of our security
specialists, would make it as easy to provide chrooting in Solaris as
it is in Linux, for example.

But because the sftp-server2 needs to be suid root for this to work, I
can't say yet whether it will be included.

-- 
[[EMAIL PROTECTED]          --  Sami J. Lehtinen  --           [EMAIL PROTECTED]]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]
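
Added example (not part of the original message, and not the deleted patch): a sketch of what a suid-root helper like the sftp-server2 discussed above has to get right, namely chroot() while still root and then a permanent, verified drop to the invoking user. The function name enter_jail_and_drop and the overall flow are assumptions for illustration.

```c
#define _DEFAULT_SOURCE           /* chroot(), setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the process to `jail`, then give up root
 * for good. Returns 0 on success, -1 on failure; on failure the caller
 * must exit, because the process may be left half-configured. */
int enter_jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    /* Never "drop" to root: a root process can leave a chroot again. */
    if (uid == 0 || gid == 0)
        return -1;
    if (chroot(jail) != 0)        /* needs euid 0, hence the suid bit */
        return -1;
    if (chdir("/") != 0)          /* otherwise cwd still points outside */
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop cannot be undone and every id is the user's. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <jail-dir>\n", argv[0]);
        return 2;
    }
    /* In a suid-root binary getuid()/getgid() are the invoking user's. */
    if (enter_jail_and_drop(argv[1], getuid(), getgid()) != 0) {
        perror("enter_jail_and_drop");
        return 1;
    }
    /* From here on: user's privileges, inside the jail. */
    printf("uid=%d confined to jail\n", (int)getuid());
    return 0;
}
```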
