Re: kern.chroot_allow_open_directories
Stef Walter wrote:
> The chroot(2) man page describes a sysctl called
> 'kern.chroot_allow_open_directories' which controls whether a process
> can chroot() and is already subject to the chroot() syscall.
>
> It seems that this sysctl can be trivially changed from within a
> chroot'd process (ie: if that process has superuser privileges).
>
> Is this sysctl meant to prevent breaking out of a chroot? Or am I
> missing the point of 'kern.chroot_allow_open_directories'?
>
If the sysctl was set to 0 at the moment chroot() was called, then the
chroot() would have failed if the calling process had open directories
(that's what the sysctl is meant to do, if I'm understanding the source
right). If directories weren't open, the chroot() would work, but the
process would obviously not be able to open directories outside the
chroot after that, even if you'd set the sysctl to 1.
As I see it, there's no problem here, but could be wrong; chroot() is
tricky afaik..
--
Pieter
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 3 之 5 篇):