Re: kern.chroot_allow_open_directories

Board: FB_security, posted 2007/08/13 14:38
On Thu, Jul 19, 2007 at 08:34:29PM +0000, Stef Walter wrote:
> Pieter de Boer wrote:
> >> Is this sysctl meant to prevent breaking out of a chroot? Or am I
> >> missing the point of 'kern.chroot_allow_open_directories'?
> >>
> > If the sysctl was set to 0 at the moment chroot() was called, then the
> > chroot() would have failed if the calling process had open directories
> > (that's what the sysctl is meant to do, if I'm understanding the source
> > right). If directories weren't open, the chroot() would work, but the
> > process would obviously not be able to open directories outside the
> > chroot after that, even if you'd set the sysctl to 1.
> >
> > As I see it, there's no problem here, but could be wrong; chroot() is
> > tricky afaik..
>
> Yes, it sure is.
>
> However if a root process inside the chroot jail reset that sysctl,
> after which it seems it could perform the usual break out thingy:
>
> http://www.bpfh.net/simes/computing/chroot-break.html
>
> I guess what I was wondering, is if FreeBSD is in fact immune to this
> attack, and whether it makes sense to chroot superuser processes on FreeBSD.

Superuser running inside chroot(2) has many ways to escape. You basically
gain no additional security in chrooting a process that will continue to
operate with privileges. You should either chroot and drop privileges or
use jail(2).

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
Article ID (AID): #16l_nw00 (FB_security)
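
Added example (not part of the original mail or of FreeBSD's code): the "chroot and drop privileges" advice from the reply above, written out in C. The function name `chroot_and_drop`, the directory `/var/empty` and uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Added example: confine the calling process to new_root, then give up
 * root for good. Returns 0 on success, -1 with errno set on failure.
 * uid/gid name the unprivileged account to run as (caller's choice).
 */
int chroot_and_drop(const char *new_root, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {       /* refuse to "drop" to root */
        errno = EINVAL;
        return -1;
    }
    /* Enter the directory first so the cwd ends up inside the new root. */
    if (chdir(new_root) != 0) return -1;
    if (chroot(".") != 0) return -1;
    if (chdir("/") != 0) return -1;

    /* Order matters: supplementary groups, then gid, then uid.
       Once the uid is gone the process can no longer change groups. */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed values: "/var/empty" and 65534 are placeholders. */
    if (chroot_and_drop("/var/empty", 65534, 65534) != 0) {
        perror("chroot_and_drop");
        return 1;   /* never continue running if confinement failed */
    }
    /* ... unprivileged work happens here ... */
    return 0;
}
```

Run as root, the process ends up confined and unprivileged; run as an ordinary user, chroot(2) fails and the function reports the error instead of continuing unconfined.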