Re: slapd -r (chroot) documentation (Was: breaking up slap_init_user() for better chroot functionality)
I committed a few changes in this area. If not sufficient,
feel free to offer specific suggestions.
Kurt
At 03:52 PM 10/12/2004, Hallvard B Furuseth wrote:
>Kurt D. Zeilenga writes:
>>At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:
>>>I note that usually setuid() is seen as an alternative to chroot(),
>>
>> Err, when using chroot(2) as a security mechanism, it is important
>> to call setuid(2) after calling chroot(2). This is because a process
>> running as root can easily break out of a chroot(2) environment.
>
>I did not know that. It's not mentioned in my system manpages, either.
>Please add that warning where this option is described in the slapd
>manpage and the admin guide.
>
>--
>Hallvard
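
The ordering discussed in this thread, chroot(2) first and setuid(2) afterwards, as an added example that is not part of the original messages and is not slapd's code. `confine_and_drop` is a hypothetical helper; the jail directory, uid and gid are assumed to be supplied by the caller.

```c
#define _DEFAULT_SOURCE   /* exposes chroot(2) and setgroups(2) on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the process to `jail`, then become uid/gid.
 * Returns 0 on success, -1 with errno set. On failure the caller should
 * exit, because the process may be left half-confined. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (jail == NULL || uid == 0 || gid == 0) {
        errno = EINVAL;   /* staying root would defeat the chroot */
        return -1;
    }
    /* 1. Enter the jail while still root (chroot(2) needs privilege) and
     *    move the working directory inside it. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    /* 2. Drop supplementary groups, then gid, then uid. The uid goes last
     *    because the group calls themselves require root. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* 3. Verify the drop took effect and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid || setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <jail-dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    if (confine_and_drop(argv[1], uid, gid) != 0) {
        perror("confine_and_drop");
        return 1;
    }
    printf("confined: uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```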