On Wed, Dec 05, 2012 at 04:03:40PM -0500, Mouse wrote:
> >> * whether the name in question is within the process' current
> >> root (forbidding fchdir and fchroot otherwise).
> > Definitely.
>
> I'm actually not convinced this is so obviously a good thing.
>
> I see an analogy between root directories and UIDs. We have chroot(),
> and we have setuid() - but we also have setreuid(). I can see
> potential use for chroot-hopping between multiple directories.
>
> I'm not sure NetBSD should support that. But I'm not sure it should
> forbid it, either. I'm not sure how I'd design an interface for it,
> but it might be worth thinking about when implementing whatever NetBSD
> eventually decides on.

Well, let me refine what I said: this should be part of the
permissions scheme for capability passing.

--
David A. Holland
dholl...@netbsd.org