Date:      Sun, 27 Sep 2020 15:09:28 -0500
From:      Kyle Evans <kevans@freebsd.org>
To:        Yuri <yuri@rawbw.com>
Cc:        Freebsd hackers list <freebsd-hackers@freebsd.org>
Subject:   Re: Is it possible to exit the chroot(2) environment?
Message-ID:  <CACNAnaFqtpDkd76Z3vAUMcCMwTpMyfy91NPyufeVd%2B8UAqZHKQ@mail.gmail.com>
In-Reply-To: <9fa46833-63c2-a77f-98dd-111f6502dc74@rawbw.com>
References:  <b6412618-02ec-1dbd-f474-b4412d7b774b@rawbw.com> <CANCZdfqJ14-Cpvi9%2Bd%2BHRgWbHk7vDUNNOKLUVOC9iBUqZKX=Pw@mail.gmail.com> <CACNAnaFVg2yZnWbfC=MmPfQ==XZYssHFuz%2BCjz%2B67TkZ108qRA@mail.gmail.com> <CACNAnaF-psLeTzwk=HygP4ESEynRyR-m62T1FAjw=ON6J2PVTg@mail.gmail.com> <a488f94a-6efc-27f3-d0a4-489f6f99772d@rawbw.com> <CACNAnaG_u1aVRJpKeb9n0rK4UqRRZDGBt7i=iRtPf-7kxqYQBw@mail.gmail.com> <9fa46833-63c2-a77f-98dd-111f6502dc74@rawbw.com>

On Sun, Sep 27, 2020 at 3:04 PM Yuri <yuri@rawbw.com> wrote:
>
> On 2020-09-27 12:56, Kyle Evans wrote:
> > kern.chroot_allow_open_directories to some value that isn't 0 or 1.
>
>
> It succeeds with kern.chroot_allow_open_directories=2.
>
>

Ok, so Warner's proposal was correct and we've verified the semantics
work out the same; this is simply a behavioral difference in that
we're a little more strict -- presumably to make it less trivial to
break out of a chroot.

I suspect a default change for the sysctl/behavior is unlikely; your
best bet to move forward is probably to work out if they really need
to have dangling directories open and correct that if at all possible.
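
One way to act on the advice above is to audit the descriptor table for directories still held open and close them before calling chroot(2), so the call does not depend on relaxing kern.chroot_allow_open_directories. This is an added example, not code from the thread or from FreeBSD; `scan_dir_fds`, `strict_chroot` and `SCAN_CAP` are hypothetical names, and the wrapper assumes the program needs none of its open directories afterwards.

```c
#define _DEFAULT_SOURCE  /* exposes chroot(2) on glibc; harmless elsewhere */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Scan cap: sysconf() can report a huge limit inside containers. */
#define SCAN_CAP 65536L

/* Count descriptors that refer to directories; close them if do_close. */
int scan_dir_fds(int do_close)
{
    long max = sysconf(_SC_OPEN_MAX);
    int found = 0;

    if (max < 0 || max > SCAN_CAP)
        max = SCAN_CAP;
    for (int fd = 0; fd < max; fd++) {
        struct stat st;
        if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode))
            continue;   /* not open, or not a directory */
        found++;
        if (do_close)
            close(fd);
    }
    return found;
}

/* Hypothetical wrapper: enter newroot with no directory descriptors left. */
int strict_chroot(const char *newroot)
{
    if (chdir(newroot) != 0)
        return -1;
    scan_dir_fds(1);
    if (chroot(newroot) != 0)
        return -1;
    return chdir("/");
}

int main(void)
{
    /* Constructed check: hold "." open, then audit the descriptor table. */
    int d = open(".", O_RDONLY);
    printf("open directory descriptors: %d\n", scan_dir_fds(0));
    if (d >= 0)
        close(d);
    return 0;
}
```

Running `scan_dir_fds(0)` just before the chroot call in the affected program shows whether any directory descriptors are still open at that point.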


