Re: kern.chroot_allow_open_directories
Stef Walter <stef@memberwebs.com> writes:
> The chroot(2) man page describes a sysctl called
> 'kern.chroot_allow_open_directories' which controls whether a process
> can chroot() and is already subject to the chroot() syscall.
>
> It seems that this sysctl can be trivially changed from within a
> chroot'd process (ie: if that process has superuser privileges).
That's what securelevels are for.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 2 之 5 篇):