Subject: Re: Is it possible to exit the chroot(2) environment?
To: Kyle Evans, Warner Losh
Cc: Freebsd hackers list
From: Yuri
Date: Fri, 16 Oct 2020 17:01:42 -0700

On 9/27/20 1:25 PM, Kyle Evans wrote:
> +1. I think an additional sentence pointing out that that's the
> traditional behavior would outline that this is perhaps what's needed,
> maybe with a specific EPERM reference.
>
> It's tempting to also propose switching it to the even-more-strict 0
> at some point, perhaps considering a procctl(2) if we really find some
> scenarios where it's absolutely necessary... we'll leave that battle
> to a different day, though.

I have several questions though:

1) What does this check really guard against?
kern.chroot_allow_open_directories=0 prevents chroot(2) when there are open directories, and kern.chroot_allow_open_directories=1 prevents exit from chrooted environment when there were open directories. But what is the benefit? The process opened some directories and holds open file handles. How can this interfere with chroot? What could go wrong that is prevented by this check?

2) Why is there no similar check for open files? Why are directories special?

Thank you,
Yuri
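A user-space sketch of the check the message describes for kern.chroot_allow_open_directories=0, refusing chroot(2) with EPERM while any descriptor refers to a directory. This is an added example, not part of the original message and not FreeBSD kernel code; the names count_open_dir_fds, guarded_chroot and FD_SCAN_CAP are hypothetical.

```c
#define _DEFAULT_SOURCE          /* for chroot() on glibc; harmless elsewhere */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

#define FD_SCAN_CAP 65536        /* assumption: bound the scan if the limit is huge */

/* Count descriptors of this process that refer to directories. */
int count_open_dir_fds(void)
{
    struct rlimit rl;
    long max = FD_SCAN_CAP;
    int n = 0;

    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY &&
        rl.rlim_cur < (rlim_t)FD_SCAN_CAP)
        max = (long)rl.rlim_cur;
    for (int fd = 0; fd < max; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;                 /* a directory handle is still held */
    }
    return n;
}

/* chroot(2) wrapper: fail with EPERM while a directory is open. */
int guarded_chroot(const char *path)
{
    if (count_open_dir_fds() > 0) {
        errno = EPERM;           /* same errno the quoted reply refers to */
        return -1;
    }
    /* Enter the directory first so the working directory is inside the new root. */
    if (chdir(path) != 0 || chroot(".") != 0)
        return -1;
    return 0;
}

int main(void)
{
    int dfd = open("/", O_RDONLY);   /* constructed case: one held directory */
    int rc = guarded_chroot("/");
    printf("dir fds=%d rc=%d errno=%d\n", count_open_dir_fds(), rc, errno);
    if (dfd >= 0)
        close(dfd);
    return 0;
}
```

A caller that gets EPERM from the wrapper closes its directory handles and retries; regular files are not counted, matching the directory-only check the message asks about.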