Subject: Re: Is it possible to exit the chroot(2) environment?
To: Kyle Evans, Warner Losh
Cc: Freebsd hackers list
From: Yuri
Date: Sun, 27 Sep 2020 14:37:40 -0700

On 2020-09-27 13:25, Kyle Evans wrote:
> +1. I think an additional sentence pointing out that that's the
> traditional behavior would outline that this is perhaps what's needed,
> maybe with a specific EPERM reference.

The fact that chroot(".") undoes the previous chroot(...) call should also be documented, IMO. The current chroot(2) man page doesn't mention this.

Also chroot apparently preserves the current working directory for the purpose of chroot("."), but not for other purposes.

What if chdir(2) with the same string $OLD_WD is called in the chroot environment with root in $ROOT_DIR, i.e. chroot($OLD_WD), and it succeeds because there happens to be a directory with the same path $OLD_WD in the chroot environment too, i.e. $CHROOT_DIR$OLD_WD is a valid directory? Would chroot(".") then change root back to the original directory $OLD_WD, or would it change it deeper into the root environment directory: $CHROOT_DIR$OLD_WD?

All this makes for complex and potentially confusing behavior, which should be documented, IMO.

Yuri