Date: Sat, 24 Dec 2011 02:45:21 -0800 From: Xin LI <delphij@gmail.com> To: Andrey Chernov <ache@freebsd.org>, Xin LI <delphij@gmail.com>, Kostik Belousov <kostikbel@gmail.com>, Alexander Kabaev <kabaev@gmail.com>, John Baldwin <jhb@freebsd.org>, Colin Percival <cperciva@freebsd.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec... Message-ID: <CAGMYy3vUMUi0ajADs2AdVRPfWQShmjfXDHfrKTFBmHGiNTWPFA@mail.gmail.com> In-Reply-To: <20111224103948.GA10939@vniz.net> References: <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112231058.46642.jhb@freebsd.org> <201112231122.34436.jhb@freebsd.org> <20111223120644.75fe944d@kan.dyndns.org> <20111223175143.GJ50300@deviant.kiev.zoral.com.ua> <20111224100509.GA98136@vniz.net> <CAGMYy3s4YM-j165o9p%2BEDgMf0%2BaJq7gKj5yR=LK8_yfECnbtog@mail.gmail.com> <20111224103948.GA10939@vniz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Dec 24, 2011 at 2:39 AM, Andrey Chernov <ache@freebsd.org> wrote: > On Sat, Dec 24, 2011 at 02:26:20AM -0800, Xin LI wrote: >> chroot(2) can create legitimate and secure environment where dlopen(2) >> is safe and necessary. > > Yes, so ischroot() check can be used only into that places where libc's > libc_dlopen() currently used, i.e. placed into libc_dlopen() itself. So it's Okay to break NSS in chroot jail? Cheers, -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGMYy3vUMUi0ajADs2AdVRPfWQShmjfXDHfrKTFBmHGiNTWPFA>