kern.chroot_allow_open_directories

看板FB_security作者時間18年前 (2007/07/24 11:04), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/5 (看更多)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The chroot(2) man page describes a sysctl called 'kern.chroot_allow_open_directories' which controls whether a process can chroot() and is already subject to the chroot() syscall. It seems that this sysctl can be trivially changed from within a chroot'd process (ie: if that process has superuser privileges). Is this sysctl meant to prevent breaking out of a chroot? Or am I missing the point of 'kern.chroot_allow_open_directories'? Cheers, Stef -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGnC7+e/sRCNknZa8RAhaJAKCSioePX83kGugueXzjs8MSz3KN+wCgmzMl FvJxyklaeTGOcN1NSjl/llY= =mrWp -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 stef. 的文章
文章代碼(AID): #16fMnQ00 (FB_security)
更多 stef. 的文章
文章代碼(AID): #16fMnQ00 (FB_security)