Hi David,
This solution looks good. I did not test, but I do have one minor comment
after glancing at the code:
@@ -2662,7 +2700,14 @@ check_cmd_access(const char *command, const char
> *opt)
> * only requires X_OK to function on Unix - a scenario not unlikely to
> * be seen on suid binaries.
> */
> - return_code = check_file_access(CHKACC_FILE, argv.argv[0], X_OK, opt);
> + if (chroot)
> + {
> + return_code = check_file_access_chroot(chroot, CHKACC_FILE,
> argv.argv[0], X_OK, opt);
> + }
> + else
> + {
> + return_code = check_file_access(CHKACC_FILE, argv.argv[0], X_OK,
> opt);
> + }
>
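Review bot: In the added "if (chroot)" test, the identifier chroot is also the name of the chroot(2) function declared in <unistd.h>, so a local or parameter with that name shadows the function inside check_cmd_access, and if no such variable is in scope the condition tests the function's address and is always true. The function header shown in the hunk context lists only command and opt, so it is worth confirming where chroot is declared and giving it a distinct name (chroot_dir, as a suggestion). The test also only separates NULL from non-NULL, so an empty string would still take the check_file_access_chroot path.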
This if seems redundant here, as chroot is checked by
check_file_access_chroot itself. Furthermore, for the other occurrences of
check_file_access you stick to just replacing it with
check_file_access_chroot. I would suggest to do that here too.
-Steffan