Site Navigation

Date:      Tue, 17 Jul 2007 12:45:40 +0200
From:      =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To:        Stef Walter <stef@memberwebs.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: kern.chroot_allow_open_directories
Message-ID:  <86lkdfb963.fsf@dwp.des.no>
In-Reply-To: <20070717032204.09BA8D4F8E@mx.npubs.com> (Stef Walter's message of "Tue\, 17 Jul 2007 03\:22\:04 %2B0000 \(UTC\)")
References:  <20070717032204.09BA8D4F8E@mx.npubs.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

Stef Walter <stef@memberwebs.com> writes:
> The chroot(2) man page describes a sysctl called
> 'kern.chroot_allow_open_directories' which controls whether a process
> can chroot() and is already subject to the chroot() syscall.
>
> It seems that this sysctl can be trivially changed from within a
> chroot'd process (ie: if that process has superuser privileges).

That's what securelevels are for.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86lkdfb963.fsf>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact