From owner-freebsd-hackers Mon Feb 24 11:25:50 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA10027 for hackers-outgoing; Mon, 24 Feb 1997 11:25:50 -0800 (PST)
Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA10004; Mon, 24 Feb 1997 11:25:40 -0800 (PST)
Received: (from guido@localhost) by gvr.win.tue.nl (8.8.5/8.8.2) id UAA03721; Mon, 24 Feb 1997 20:24:42 +0100 (MET)
From: Guido van Rooij
Message-Id: <199702241924.UAA03721@gvr.win.tue.nl>
Subject: Re: o [1997/02/01] bin/2634 rtld patches for easy creation of chroot enviroments
In-Reply-To: <199702241328.AAA10815@profane.iq.org> from Julian Assange at "Feb 25, 97 00:28:33 am"
To: proff@iq.org (Julian Assange)
Date: Mon, 24 Feb 1997 20:24:42 +0100 (MET)
Cc: phk@critter.dk.tfs.com, hackers@freebsd.org, security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> It would be neat if one could actually use the chroot() facility
> in a secure and efficient manner, without modifying the source for
> main() on every binary in the system. You are right. It would be
> neat. Since when is something being small, fast, secure, neat and
> providing functionality that wouldn't otherwise be there grounds
> for rejection of code? I'm quite appalled at this conservative view,
> expressed without the slightest understanding of the code involved.
>

I understand your point and partly I do agree. However, seeing the enormous security hole we found lately in having the setlocale() stuff in ld.so, ppl are a bit reluctant to modify such a piece of code. I think that is understandable.

What I do when I want a chroot jail is use a simple program, chrootuid, that does almost the same. In my opinion, that is a cleaner solution because whenever something would be broken, it is only this tiny little program that is broken, instead of *all* binaries. The fact that your code is probably correct does not change this fact.

Btw: chrootuid can be found at ftp.win.tue.nl:/pub/security

-Guido