Date:      Wed, 9 Jul 1997 18:09:42 -0400 (EDT)
From:      David Holland <dholland@eecs.harvard.edu>
To:        newton@communica.com.au (Mark Newton)
Cc:        robert@cyrus.watson.org, newton@communica.com.au, sef@kithrup.com, security@FreeBSD.ORG
Subject:   Re: Security Model/Target for FreeBSD or 4.4?
Message-ID:  <199707092209.SAA11291@burgundy.eecs.harvard.edu>
In-Reply-To: <9707090029.AA06358@communica.com.au> from "Mark Newton" at Jul 9, 97 09:59:33 am

 > Study the code carefully in light of this discussion.  Realize that
 > providing arbitrary users with the ability to run chroot() would allow
 > arbitrary users to break out of sandboxen.  

There are two ways to fix this: (1) disallow chroot(8) if a chroot has
already been performed, that is, the process's root is not the same as
the global root, or (2) fix the mechanism that prevents "cd .." from
the chrooted root so that if you set a new root directory it doesn't
permit going up past the previous root directory.

(If this is what your patch did, never mind.)

It's not at all clear that fixing this is sufficient to keep root in a
chroot area, though. The general opinion in many circles is that it's
too hard to accomplish that and not worth trying.

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino
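The mechanism behind the thread (and the two fixes David Holland sketches) can be modelled without a kernel or root privileges. The C below is an added illustration, not code from the message, from 4.4BSD or from FreeBSD: it keeps an in-memory directory tree, a per-process root and cwd, and a ".." resolver shaped like the root check in the kernel's lookup routine. It then runs the well-known breakout that the message alludes to: a root process inside a sandbox creates a subdirectory, chroot()s into it without chdir()ing, walks ".." from its now-outside cwd, and chroot()s to where it ends up. Every name here (`struct proc`, `sim_chroot`, the `POLICY_*` constants, the `outer_root` field, the `/jail/x` layout) is an assumption made for the simulation; `POLICY_NO_RECHROOT` stands for fix (1) and `POLICY_OUTER_ROOT` for fix (2), and the code does not claim either matches any patch discussed in the thread.

```c
/* Added simulation of the chroot() ".." breakout and the two fixes
 * proposed in the message above.  Pure model: no syscalls, no root needed.
 * All names are hypothetical; the real check lives in the kernel's lookup(). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct dnode {
    const char   *name;
    struct dnode *parent;        /* NULL only for the global root */
};

enum policy {
    POLICY_CLASSIC,      /* ".." stops only at the process's current root */
    POLICY_NO_RECHROOT,  /* fix (1): chroot() refused once already chrooted */
    POLICY_OUTER_ROOT    /* fix (2): ".." also stops at the first chroot root */
};

struct proc {
    struct dnode *root;          /* per-process root directory */
    struct dnode *cwd;           /* current working directory */
    struct dnode *outer_root;    /* first root ever chroot()ed to (fix 2) */
    enum policy   pol;
};

/* Constructed tree: "/" -> "/jail" -> "/jail/x"; x is made by the attacker. */
static struct dnode global_root = { "/",    NULL };
static struct dnode jail        = { "jail", &global_root };
static struct dnode jail_sub    = { "x",    &jail };

/* Resolve ".." from dp the way the lookup routine does: at the root, stay. */
static struct dnode *resolve_dotdot(const struct proc *p, struct dnode *dp)
{
    if (dp == p->root || dp->parent == NULL)
        return dp;
    if (p->pol == POLICY_OUTER_ROOT && dp == p->outer_root)
        return dp;               /* fix (2): never climb past the first root */
    return dp->parent;           /* classic: only the current root is a wall */
}

/* chroot(2) model: changes root, deliberately leaves cwd alone (as the real
 * call does); that untouched cwd is what the breakout relies on. */
static int sim_chroot(struct proc *p, struct dnode *newroot)
{
    if (p->pol == POLICY_NO_RECHROOT && p->root != &global_root)
        return -1;               /* fix (1): EPERM once chrooted */
    if (p->outer_root == NULL)
        p->outer_root = newroot; /* remember the outermost sandbox root */
    p->root = newroot;
    return 0;
}

static void sim_chdir_dotdot(struct proc *p)
{
    p->cwd = resolve_dotdot(p, p->cwd);
}

/* Runs the breakout under one policy and returns the process's final root. */
static struct dnode *run_escape(enum policy pol)
{
    struct proc p = { &global_root, &global_root, NULL, pol };

    /* Sandbox set-up by the privileged parent: chroot("/jail"); chdir("/"). */
    sim_chroot(&p, &jail);
    p.cwd = &jail;

    /* Attacker, root inside the sandbox: mkdir x; chroot x  (no chdir!) */
    if (sim_chroot(&p, &jail_sub) != 0)
        return p.root;           /* refused: still rooted at /jail */

    /* cwd is /jail, which now lies outside the root /jail/x, so ".." climbs. */
    for (int i = 0; i < 16; i++)
        sim_chdir_dotdot(&p);

    sim_chroot(&p, p.cwd);       /* chroot(".") wherever the walk stopped */
    return p.root;
}

static bool escaped(enum policy pol)
{
    return run_escape(pol) == &global_root;
}

int main(void)
{
    printf("classic      : %s\n", escaped(POLICY_CLASSIC)     ? "ESCAPED" : "contained");
    printf("no re-chroot : %s\n", escaped(POLICY_NO_RECHROOT) ? "ESCAPED" : "contained");
    printf("outer root   : %s\n", escaped(POLICY_OUTER_ROOT)  ? "ESCAPED" : "contained");
    return 0;
}
```

Under `POLICY_CLASSIC` the walk reaches the global root and the final chroot(".") lands there; under either fix the process ends with `/jail` as its root. The model also makes the caveat in the message concrete: both fixes only close the ".." route, and a root user inside the sandbox still has every other privilege the kernel grants root.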



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707092209.SAA11291>