From owner-freebsd-hackers@freebsd.org Sun Sep 27 19:12:16 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C9F40424EB2 for ; Sun, 27 Sep 2020 19:12:16 +0000 (UTC) (envelope-from xtouqh@hotmail.com) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn0804.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::804]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BzwJH1sVRz475W; Sun, 27 Sep 2020 19:12:14 +0000 (UTC) (envelope-from xtouqh@hotmail.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TIu8jonsYOrSp2tPTvEAut/Ym3avlQdFUXknPRoZbP/sSchKHdDjV5O4Se3dyq4P23bkzYreJDMZxqUXoW2bjjUDrRe5Fqj2/wuIFAq1ItLluZAnbhhS/hHXjWgjkBWpyqJOL98NxG2o8e8WhoC/2plzn0NRL7DyFBBo6P0HZxvpW6IhIlVMZmhvzT6+abSq/CdfD7ObibjA/ivMTq7COXZkYuoCfD13IO9fmjpIZ5iMIV5UDGQBrzGlHqcGNiTW3WKhU9EE5UWQxioWoa4yYAP6kQKRM78U6pzj9ug04/2FNabtU/h4eoYx1UzRpxxnjcIlBCyby1f1qrDExAJjlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iTzvAfTxgvV1MvxAZjPpAU0YV9D+RP1z5aIuE/204+g=; b=LTtAftBoO5KH0SWQOJGZyFwYNyq/ldX/ekTWnTiHHrRMAFne2biGLKV+Wx9/CZ+64QoRCXz/rYavUTE32uC4BqgZCUTX8Axw1AabLp9oPOUB9Txc2wrsTMMyTqqDcvE+3tXxOww1LuopahcEGv29wjdQMXL3JVdKGpu675GiUo5RJaAGOftuS6B3RH/xafKUvPOAtHyzX5bSKzy6iBX2WzWG+Oke0ClJ+BmadfORE0TQ8SZBFK54O1it6k5Jkz/uKe0kM1S2L6TpR0Rrtcps1asseNIuTzc9yedVrkTAwx/flMPf672QwH///mjuBUe6k17DtR1sdE5qY+oJlm7ajg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iTzvAfTxgvV1MvxAZjPpAU0YV9D+RP1z5aIuE/204+g=; b=sFpecfCRCF8eWmF74s3FGU/D3CFH1LdvwBVrgDKltGmZQSNbgZPzKWSOP4Or7H0QtVB1srGxGlaslD6W08P0Ms3BYRXMwM6t2hwA8+T24QB8R0V0gdg+ykhOd9zsKCA2HT+Pc68aev9NR6GneEEEttaF7xulFSMwx38ZT12d79W/3vpwSQa06J1Y5BqyhOTxWYAwbZiG42MtVbjJ1wQxg5Gqjb9yVkCJgjt2jkn+8Q3ET7U0e/5i3I4uFviMQCc4wA28R4BTTCf80gCzk+ahiaWqJ1h4kDYUkCsKLwG6U/B/Ji6eqMVf51gNPY7hv3uBeKoLNvGgJ6JhzMGn7FYIfA== Received: from DB3EUR04FT037.eop-eur04.prod.protection.outlook.com (2a01:111:e400:7e0c::53) by DB3EUR04HT112.eop-eur04.prod.protection.outlook.com (2a01:111:e400:7e0c::351) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.21; Sun, 27 Sep 2020 19:12:12 +0000 Received: from AM0PR06MB3986.eurprd06.prod.outlook.com (2a01:111:e400:7e0c::43) by DB3EUR04FT037.mail.protection.outlook.com (2a01:111:e400:7e0c::286) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.21 via Frontend Transport; Sun, 27 Sep 2020 19:12:12 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:91896EEAF81C198626892C0E6A81164B14B93EAA3CF1946865639E42A3543A18; UpperCasedChecksum:E6D67658EE69C49692D5874565D9A483FB9827877AA1299796F26DB40B00C6F4; SizeAsReceived:8954; Count:49 Received: from AM0PR06MB3986.eurprd06.prod.outlook.com ([fe80::759a:af46:6f2:8fb8]) by AM0PR06MB3986.eurprd06.prod.outlook.com ([fe80::759a:af46:6f2:8fb8%7]) with mapi id 15.20.3412.028; Sun, 27 Sep 2020 19:12:12 +0000 Subject: Re: Is it possible to exit the chroot(2) environment? To: Kyle Evans , Warner Losh Cc: Yuri , Freebsd hackers list References: From: xtouqh@hotmail.com Message-ID: Date: Sun, 27 Sep 2020 22:12:11 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.3.1 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-ClientProxiedBy: AM4P190CA0008.EURP190.PROD.OUTLOOK.COM (2603:10a6:200:56::18) To AM0PR06MB3986.eurprd06.prod.outlook.com (2603:10a6:208:b6::28) X-Microsoft-Original-Message-ID: <2c249ba2-4b14-20e7-e509-9b0eb8cf2f82@hotmail.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [192.168.1.6] (91.240.124.157) by AM4P190CA0008.EURP190.PROD.OUTLOOK.COM (2603:10a6:200:56::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.22 via Frontend Transport; Sun, 27 Sep 2020 19:12:11 +0000 X-Microsoft-Original-Message-ID: <2c249ba2-4b14-20e7-e509-9b0eb8cf2f82@hotmail.com> X-TMN: [lnTc1uhrV6wHuyzDaSGnjDg+O3FI7urH] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 49 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: cc8efe66-9993-4589-6242-08d863193cd9 X-MS-TrafficTypeDiagnostic: DB3EUR04HT112: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: l4p49fpud50Nuvq361Wew9d5m68WOpsTw5mJq/qZaACc16tbnZ4rUlITE16B5cAaeHvEweORkju4aKMz8U1dK6Q6Qrnl0IQMNvA3qzeXX7Q5X/ULWrA4Fmmm+L7bWltU3Ask4Lju3Vz2v5FNT700a28SkHBUQpPr9DjyrUfwPjnoF9sE+tTsrzyR9XqwLm1JV0I6eDH0c8cyQXjEieCNj2wAMlg4xsaVuHigre2G6xRTlVf/yceHl8A7W7eipIDy X-MS-Exchange-AntiSpam-MessageData: 2gr4hGkWSFhQYvbLCGTMuGD4G185nnwyofnBwen3EXgH1q+/Fr+7kK0/v7Ob81TlmSZB1YIuENWVKMYK7akL8TJjwaOyQQK3XmsI1dlC9EyvSSfM8K1Lp2U59fz/LuxPUV2xAHp/pSjqmwpgymK3eg== X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-Network-Message-Id: cc8efe66-9993-4589-6242-08d863193cd9 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Sep 2020 19:12:12.6862 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: DB3EUR04FT037.eop-eur04.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3EUR04HT112 X-Rspamd-Queue-Id: 4BzwJH1sVRz475W X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=hotmail.com header.s=selector1 header.b=sFpecfCR; dmarc=pass (policy=none) header.from=hotmail.com; spf=pass (mx1.freebsd.org: domain of xtouqh@hotmail.com designates 2a01:111:f400:fe0e::804 as permitted sender) smtp.mailfrom=xtouqh@hotmail.com X-Spamd-Result: default: False [-1.06 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.984]; R_DKIM_ALLOW(-0.20)[hotmail.com:s=selector1]; RCVD_COUNT_FIVE(0.00)[5]; RCPT_COUNT_THREE(0.00)[4]; FREEMAIL_FROM(0.00)[hotmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a01:111:f400::/48]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_LONG(-1.03)[-1.027]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[hotmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[hotmail.com,none]; FROM_NO_DN(0.00)[]; NEURAL_HAM_SHORT(-0.55)[-0.553]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[hotmail.com]; ASN(0.00)[asn:8075, ipnet:2a01:111:f000::/36, country:US]; FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN(2.50)[]; MAILMAN_DEST(0.00)[freebsd-hackers]; DWL_DNSWL_NONE(0.00)[hotmail.com:dkim] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Sep 2020 19:12:16 -0000 Kyle Evans wrote: > On Sun, Sep 27, 2020 at 2:03 PM Warner Losh wrote: >> >> On Sun, Sep 27, 2020 at 12:30 PM Yuri wrote: >> >>> This line >>> >>> https://github.com/rpm-software-management/rpm/blob/master/lib/rpmchroot.c#L155 >>> calls chroot(".") in order to exit from the chroot environment. >>> >> >> Interesting. FreeBSD doesn't allow that. >> >> >>> It apparently succeeds on Linux (this is rpm), but it fails on FreeBSD >>> with "Operation not permitted", while executed under sudo. >>> >>> The chroot(2) man page doesn't mention anything about exiting the chroot >>> environment. >>> >> >> True. Such behavior is undefined. There's no defined notion of exiting a >> chroot. It doesn't seem to be documented in the few examples of the >> chroot(2) call linux man pages I've found. Do you have documentation on >> what, exactly, it's supposed to do? >> > > I'm almost certain they just aren't restricting you from chrooting to > a directory out of the chroot if you have a reference to it, so it > probably does something like: > > chdir("/"); > chroot("/some/root"); > /* Do stuff, but never chdir */ > chroot("."); /* Working directory is still the real root. */ Reading the illumos chroot(2) suggests something similar: The ".." entry in the root directory is interpreted to mean the root directory itself. Therefore, ".." cannot be used to access files outside the subtree rooted at the root directory. Instead, fchroot() can be used to reset the root to a directory that was opened before the root directory was changed.