From owner-freebsd-security@FreeBSD.ORG Thu Jul 19 10:19:21 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2270016A400 for ; Thu, 19 Jul 2007 10:19:21 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id D5D6613C494 for ; Thu, 19 Jul 2007 10:19:20 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (localhost [127.0.0.1]) by spam.des.no (Postfix) with ESMTP id 867AA2091; Thu, 19 Jul 2007 12:02:17 +0200 (CEST) X-Spam-Tests: AWL,DATE_IN_PAST_24_48 X-Spam-Learn: disabled X-Spam-Score: 0.8/3.0 X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on tim.des.no Received: from dwp.des.no (des.no [80.203.243.180]) by smtp.des.no (Postfix) with ESMTP id 0B98B2115; Thu, 19 Jul 2007 12:00:46 +0200 (CEST) Received: by dwp.des.no (Postfix, from userid 1001) id 7BB345311; Tue, 17 Jul 2007 12:45:40 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Stef Walter References: <20070717032204.09BA8D4F8E@mx.npubs.com> Date: Tue, 17 Jul 2007 12:45:40 +0200 In-Reply-To: <20070717032204.09BA8D4F8E@mx.npubs.com> (Stef Walter's message of "Tue\, 17 Jul 2007 03\:22\:04 +0000 \(UTC\)") Message-ID: <86lkdfb963.fsf@dwp.des.no> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: kern.chroot_allow_open_directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jul 2007 10:19:21 -0000 Stef Walter writes: > The chroot(2) man page describes a sysctl called > 'kern.chroot_allow_open_directories' which controls whether a process > can chroot() and is already subject to the chroot() syscall. > > It seems that this sysctl can be trivially changed from within a > chroot'd process (ie: if that process has superuser privileges). That's what securelevels are for. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no