From nobody Fri Aug 1 20:36:49 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4btyRQ21V7z635D1; Fri, 01 Aug 2025 20:36:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4btyRQ1K5xz3DV4; Fri, 01 Aug 2025 20:36:50 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754080610; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CteVwA0ayAMtJfCygwiJcaf/QFeSkKeDFwpbgmDha/4=; b=fgjYaoTO3QLicnn4kOq2aUOY+YYppwzHfGCwAsV6s1UffpempU0vULqF0hXgW4+eXn+61h hQxTwI6EDPX0ZJjIzjrmih1vY+C1B4pyUGyzA11begpv/31imi7VcxQYxfhp1YPHLuQrGN wf0rFm/smlOpNHGZVEyx4xNwAaJvBn9ON7VJk4ej+NU5yQakh7zlEVRjpl4EEBxFNZvv7o pdr14ErYNL9xM5knF2tf8oK0eKX9TdHL90zAUO3ZD0Yscp6B8qTCP4+SMMOTABINbgFQZ/ KJ5hADcW97/pAsjEMnAqiCFR4d6+dPIQrXx8BqKOsiWNBYZa+V5ncgsV2FOeDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754080610; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CteVwA0ayAMtJfCygwiJcaf/QFeSkKeDFwpbgmDha/4=; b=FjaoQ//K40nGDVihFjH124Rg8v669jKd85YF/sv7poq71K7v7vV9te7GtAlSCU2gDBJ6DE aF1d0Rzx2OqjlXmzz3DmAS55nQJERhuJftNSvu6v8/RJUQ8NBcjZw22JLVJiOWrPzmzrYn hkMUT2ViMqpYOy/lohRgwt8DCnUHzSE1k8QPEMMkuGlt+16WLB9nuoCUsL0ejIchfvuZCs OajBFVWQMMwelR8N4NI3WXbTRhR6fZ0Ai839vNkFxNmpWzNgkeZgZQvipShsirxEPfO0pC tV9M1Y4EKBbhHYfanUfrSE3koccNj9ML5xVHt60EYYw4DDulQ7MeK7NwWm7/Fw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754080610; a=rsa-sha256; cv=none; b=pwELmsPP3/l2sDiEws6WqDRO0N6YJWyUtjjAdM0XLPn7dJtw0UArcTDZjjh4EAp7zgg9JA HO7IYlyXzrH1ZarA9VPkwAste5Q8XnWNqfS5l6+scrWdPY7epgGjXbCe9dpjmINb47qnnM kDEEppiUyuYCbVYU395+8rqhsViMN5Ci/GprRkY+Pg2XLs6uTjngC+lA0LH8MuWeVy+lGs NwpzP3YEyTUBGzmDvv8e9VIrsdD6mIG5DWeCvBGucNeODSHLQSsC7+673+5/EnnfEbXV9f jQtSpLja5E0+lwRS2j5RN+L6VEpw2N4tOGpLQcMK/SuQrhV3cdsOrPqlCZuisg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4btyRQ0Xgkz12nt; Fri, 01 Aug 2025 20:36:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 571Kan3h051968; Fri, 1 Aug 2025 20:36:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 571Kanje051965; Fri, 1 Aug 2025 20:36:49 GMT (envelope-from git) Date: Fri, 1 Aug 2025 20:36:49 GMT Message-Id: <202508012036.571Kanje051965@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ed Maste Subject: git: e6c623e9bad5 - main - chroot: Improve error message for unprivileged use List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e6c623e9bad56271d6c5fffaaf994d27b65404e5 Auto-Submitted: auto-generated The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=e6c623e9bad56271d6c5fffaaf994d27b65404e5 commit e6c623e9bad56271d6c5fffaaf994d27b65404e5 Author: Ed Maste AuthorDate: 2025-08-01 19:53:00 +0000 Commit: Ed Maste CommitDate: 2025-08-01 20:35:07 +0000 chroot: Improve error message for unprivileged use When the security.bsd.unprivileged_chroot sysctl is set, chroot(2) can be used by unprivileged users as long as the PROC_NO_NEW_PRIVS_CTL process control is set. chroot(8) has a -n command line flag to set this process control. Add an explicit error for EPERM from chroot(2) if the -n flag is necessary, but not present. Before: $ chroot / /bin/sh chroot: /: Operation not permitted After: $ chroot / /bin/sh chroot: unprivileged use requires -n Reviewed by: kevans Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51687 --- usr.sbin/chroot/chroot.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/usr.sbin/chroot/chroot.c b/usr.sbin/chroot/chroot.c index bd4932ee9b48..c978fc019c95 100644 --- a/usr.sbin/chroot/chroot.c +++ b/usr.sbin/chroot/chroot.c @@ -34,6 +34,7 @@ #include #include +#include #include #include #include @@ -158,8 +159,13 @@ main(int argc, char *argv[]) err(1, "procctl"); } - if (chdir(argv[0]) == -1 || chroot(".") == -1) + if (chdir(argv[0]) == -1) err(1, "%s", argv[0]); + if (chroot(".") == -1) { + if (errno == EPERM && !nonprivileged && geteuid() != 0) + errx(1, "unprivileged use requires -n"); + err(1, "%s", argv[0]); + } if (gids && setgroups(gids, gidlist) == -1) err(1, "setgroups");