From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 223327] dhclient: close the pidfile before calling chroot(2)
Date: Sat, 18 Nov 2017 22:06:52 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223327

Jilles Tjoelker changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jilles@FreeBSD.org
             Status|New                         |Open

--- Comment #2 from Jilles Tjoelker ---
Although kern.chroot_allow_open_directories can be bypassed trivially via Unix
domain socket file descriptor passing, it does serve a purpose in pointing out
open chroots and jails like this one. The open directory allows full access to
the / that dhclient was started from, defeating its chroot to /var/empty. In
capability mode where ".." is disallowed, there is still full access to
/var/run.

It looks like the status quo is that the pidfile will not be removed when
dhclient aborts after chrooting. The pidfile_remove() call will always fail.
Before r322369 this was the case because of the chroot, and after r322369 this
was the case because dhclient limits the pidfile descriptor to no rights (so
that pidfile_verify() will fail).

If this status quo is acceptable, the fix is to close the directory file
descriptor using a newly added pidfile(3) function.

If the status quo is not acceptable, it could be fixed by adding a not chrooted
non-capmode intermediate process to do the remove or by moving the dhclient
pidfile into its own directory and fixing the rights on the pidfile and
directory descriptors. The latter also requires an addition to the pidfile(3)
API.
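
A defensive check for the condition described in this comment, as an added example that is not dhclient's code and not part of the pidfile(3) API: before calling chroot(2), scan the descriptor table for open directories and close them. The function names, the 65536 scan cap and the use of "/" as a stand-in for the leaked directory descriptor are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Count descriptors in [lowfd, highfd) that refer to a directory; with
 * do_close != 0, close each one found. Returns the number found.
 */
int
scan_dir_fds(int lowfd, int highfd, int do_close)
{
	struct stat sb;
	int fd, found = 0;

	for (fd = lowfd; fd < highfd; fd++) {
		if (fstat(fd, &sb) == -1)
			continue;	/* EBADF: slot not in use */
		if (!S_ISDIR(sb.st_mode))
			continue;	/* regular file, socket, tty, ... */
		found++;
		if (do_close)
			(void)close(fd);
	}
	return (found);
}

/* Scan bound; the 65536 cap is an assumption so a huge RLIMIT_NOFILE stays cheap. */
int
scan_limit(void)
{
	long n = sysconf(_SC_OPEN_MAX);

	return ((n < 0 || n > 65536) ? 65536 : (int)n);
}

int
main(void)
{
	/* Constructed stand-in for a directory descriptor left open by a library. */
	int leaked = open("/", O_RDONLY);
	int limit = scan_limit();

	printf("leaked fd %d; directory fds open: %d\n", leaked, scan_dir_fds(3, limit, 0));
	printf("closed before chroot(2): %d\n", scan_dir_fds(3, limit, 1));
	printf("directory fds remaining: %d\n", scan_dir_fds(3, limit, 0));
	return (0);	/* only at this point would the daemon chroot(2) and drop rights */
}
```

Closing by descriptor number is appropriate only for descriptors the program itself owns; one held inside a library handle should be released through that library so its internal state stays consistent.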