From: Mark Newton
Message-Id: <199812232315.JAA13917@frenzy.ct>
Subject: Re: About chroot
In-Reply-To: <19981223142742.Q24362@follo.net> from Eivind Eklund at "Dec 23, 98 02:27:42 pm"
To: eivind@yes.no (Eivind Eklund)
Date: Thu, 24 Dec 1998 09:45:56 +1030 (CDT)
Cc: casper@acc.am, freebsd-security@FreeBSD.ORG

Eivind Eklund wrote:
> On Wed, Dec 23, 1998 at 02:10:18PM +0400, Casper wrote:
> > OK, thanx ... i'll look for this patch
> > (Safer chroot)
>
> That patch is not publically available yet.

k, until it is...
I have a patch which completely disables chroot() for processes which have already been chroot()'ed (by making chroot() fail with EPERM if the process' root directory is not the same as init's root directory whether it's being called by the superuser or not).

I've posted it here before anything up to a year ago and don't recall {any/much} complaining about it. It breaks traditional semantics so it should be optional (if you are running the kind of site that finds such a patch necessary you probably think that securing chroot() is more important than preserving traditional semantics anyway).

If there's support for this (especially from the security guys) I can wrap it in a sysctl knob and commit it (with notes in the chroot(2) manpage describing the knob of course).

    - mark

---
Mark Newton                               Email: newton@camtech.com.au
Systems Engineer and Senior Trainer       Phone: +61-8-8303-3300
Camtech (SA), a member of the             Fax:   +61-8-8303-4403
CAMTECH group of companies                WWW:   http://www.camtech.com.au
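
The check described in this message, as an added userland C model (not Mark Newton's patch and not FreeBSD kernel code). The names `struct vnode`, `struct proc`, `model_chroot` and the `chroot_once` knob are hypothetical, and pointer equality with init's root stands in for the kernel's root-directory comparison.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userland model only: hypothetical types, not FreeBSD kernel structures. */
struct vnode { int id; };                     /* stands in for a directory */
struct proc  { int uid; const struct vnode *root; };

/* Constructed sample objects. */
static const struct vnode slash = {1}, jail = {2}, inner = {3};
static const struct vnode *init_root = &slash; /* root directory of init */
static bool chroot_once = true;                /* hypothetical sysctl knob */

static struct proc rootproc = {0, &slash};     /* superuser, not yet chrooted */
static struct proc userproc = {1000, &slash};  /* unprivileged process */

/* Returns 0 on success or an errno value, as a syscall handler would. */
int model_chroot(struct proc *p, const struct vnode *newroot)
{
    if (p->uid != 0)
        return EPERM;          /* traditional rule: superuser only */

    /* Rule from the message: a process whose root differs from init's
     * root has already been chroot()ed, so refuse even for uid 0. */
    if (chroot_once && p->root != init_root)
        return EPERM;

    p->root = newroot;         /* from here on p->root != init_root */
    return 0;
}

int main(void)
{
    printf("unprivileged:  %d\n", model_chroot(&userproc, &jail));
    printf("first chroot:  %d\n", model_chroot(&rootproc, &jail));
    printf("second chroot: %d\n", model_chroot(&rootproc, &inner));

    chroot_once = false;       /* knob off: traditional semantics */
    printf("knob off:      %d\n", model_chroot(&rootproc, &inner));
    return 0;
}
```

With the knob on, only the first chroot() by the superuser succeeds; turning it off restores the traditional behaviour the message says the patch breaks.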