From: Kyle Evans
Date: Sun, 27 Sep 2020 17:20:41 -0500
Subject: Re: Is it possible to exit the chroot(2) environment?
To: Yuri
Cc: Warner Losh, Freebsd hackers list

On Sun, Sep 27, 2020 at 4:37 PM Yuri wrote:
>
> On 2020-09-27 13:25, Kyle Evans wrote:
> > +1. I think an additional sentence pointing out that that's the
> > traditional behavior would outline that this is perhaps what's needed,
> > maybe with a specific EPERM reference.
>
>
> The fact that chroot(".") undoes the previous chroot(...) call should
> also be documented, IMO. The current chroot(2) man page doesn't mention
> this.
>

The problem is that chroot(".") is not a sure-fire way to escape the
chroot. It's not that simple - it only works because your working
directory is still outside.

> Also chroot apparently preserves the current working directory for the
> purpose of chroot("."), but not for other purposes.
>

chroot never changes the working directory for any purpose, this is
one of the well-understood flaws of the syscall. It's not preserving
anything specifically for chroot("."), and in fact you'll find that
"." in other syscalls (e.g. stat) is consistent with what you're
seeing here.

> What if chdir(2) with the same string $OLD_WD is called in the chroot
> environment with root in $ROOT_DIR, i.e. chroot($OLD_WD), and it
> succeeds because there happens to be a directory with the same path
> $OLD_WD in the chroot environment too, i.e. $CHROOT_DIR$OLD_WD is a
> valid directory. Would chroot(".") then change root back to the original
> directory $OLD_WD, or it would change it deeper into the root
> environment directory: $CHROOT_DIR$OLD_WD ?
>
> All this makes for a complex and potentially confusing behavior, which
> should be documented, IMO.
>

chroot would demonstrate the same consistency here. chroot does not
change your working directory, so it doesn't matter how many times you
chroot as long as you don't chdir to some name that resolves within
the chroot.
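
The point made in the reply above, that chroot(2) never moves the working directory, shown as an added C example that is not part of the original message or of FreeBSD's code. The names enter_chroot() and cwd_is_root() are hypothetical: the first moves the working directory into the new root before re-rooting, the second compares "." against "/" with stat(2).

```c
#define _DEFAULT_SOURCE          /* exposes chroot(2) on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if "." and "/" name the same directory (same device and inode),
 * 0 if they differ, -1 if either stat(2) fails. The kernel resolves both
 * names against this process's current working directory and root. */
int cwd_is_root(void)
{
    struct stat dot, root;

    if (stat(".", &dot) != 0 || stat("/", &root) != 0)
        return -1;
    return dot.st_dev == root.st_dev && dot.st_ino == root.st_ino;
}

/* chroot(2) leaves the working directory where it was, so move it into
 * the new root first, re-root at ".", then confirm cwd and root agree.
 * Needs privilege. Returns 0 on success, -1 with errno set otherwise. */
int enter_chroot(const char *dir)
{
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    if (cwd_is_root() != 1) {
        errno = EINVAL;     /* cwd still disagrees with the new root */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s newroot\n", argv[0]);
        return 2;
    }
    if (enter_chroot(argv[1]) != 0) {
        fprintf(stderr, "enter_chroot(%s): %s\n", argv[1], strerror(errno));
        return 1;
    }
    printf("inside %s, cwd_is_root() = %d\n", argv[1], cwd_is_root());
    return 0;
}
```

Run as an unprivileged user, enter_chroot() fails at chroot(".") with EPERM after the chdir has already happened.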