25 Jul
2000
25 Jul
'00
08:13
hm, the guy, who wrotes that patch seems not very familiar with chroot()ed environments. he misses the chdir() after the chroot(), which makes the chroot jail unsecure. to be on the safe track initgroups() should be called in addition to setgid(), he also missed that. there could be more failures like this. if i have the time, i'll debug and test this patch... maybe it'll become part of our next SuSE, but I don't think so. As long as we have Marc's Compartment it would be wiser to use this instead of a buggy patch.
Yeah Olaf Kirch made the same comment. What's the URL for compartment, I haven't looked at that in ages (my head hurts).
Bye, Thomas
-Kurt