From: Don Lewis
Message-Id: <199611040313.TAA10255@salsa.gv.ssi1.com>
Date: Sun, 3 Nov 1996 19:13:09 -0800
In-Reply-To: Mikael Karpberg "Re: chroot() security" (Nov 3, 6:11am)
To: Mikael Karpberg, newton@communica.com.au (Mark Newton)
Subject: Re: chroot() security
Cc: freebsd-security@freebsd.org

On Nov 3, 6:11am, Mikael Karpberg wrote:
} Subject: Re: chroot() security
}
} Why not? Make an option for it in the LINT file, and just #ifdef it?
}
} option SAFER_CHROOT #Warning, this might break some executables.
}
} Something like it, at least?
} Or maybe make some sysctl or something where you can set it on a per
} process basis?

I've implemented something like this with a config option that adds
code that disables a number of things for chroot()ed processes if a
certain sysctl variable is set. I'm now glad that I can turn this off
with sysctl because there have been some things that I've needed to do
that I couldn't do in "safer" mode.

--- Truck