Date:      Mon, 16 Jun 2014 16:13:24 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-arch@FreeBSD.org
Subject:   [Bug 121073] [kernel] [patch] run chroot as an unprivileged user
Message-ID:  <bug-121073-24229-J4iGiQJ3AI@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-121073-24229@https.bugs.freebsd.org/bugzilla/>
References:  <bug-121073-24229@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=121073

--- Comment #9 from Nathan Whitehorn <nwhitehorn@FreeBSD.org> ---
There are, I think, two potential security issues here:
1. Many pieces of software assume that if you chroot and drop privileges, no
further chroot is possible.
2. There could be sneaky ways of obtaining privileges once no-new-privileges is
set.

(1) is pretty straightforward since we can just disallow unprivileged chroot
after any other chroot. (2) is the complex one. Are there others?

Some no-cred-change property for processes seems extremely useful from a
security perspective and, if we have one we could trust, this patch becomes
trivial. Would it make sense just to work on that first and come back to
unprivileged chroot later?
