Is the restricted shell really s

[donn]

The chroot(2) call, as provided in System III and V already protects
from cd .. operations.  There's a check in namei that says "if this is
the root (as provided by chroot), then .. means . ".   Thus if the tree
under the new root is *really* a tree (no wierd links), the user can't
get out once he's in.

There is a gotcha.  Chroot(2) doesn't change your current working
directory, so as long as you move *relatively* with respect to cwd,
you have access to the rest of the filesystem.  All absolute path
searches start at the new root, so once you have cd'd to an absolute
name, your safely tied into the sub-tree.  Chroot(1) does the required
cd.

No comment on other versions of chroot.

Donn Terry
HP  Ft. Collins. Co
hplabs!hp-dcd!donn