Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 4 Jan 2012 02:04:20 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r229459 - head/lib/libc/sys
Message-ID:  <201201040204.q0424KwA054581@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Wed Jan  4 02:04:20 2012
New Revision: 229459
URL: http://svn.freebsd.org/changeset/base/229459

Log:
  Document the fact that chroot(2) is no longer part of POSIX since SUSv3
  and add a SECURITY CONSIDERATIONS section for recommended practices.

Modified:
  head/lib/libc/sys/chroot.2

Modified: head/lib/libc/sys/chroot.2
==============================================================================
--- head/lib/libc/sys/chroot.2	Wed Jan  4 02:03:15 2012	(r229458)
+++ head/lib/libc/sys/chroot.2	Wed Jan  4 02:04:20 2012	(r229459)
@@ -28,7 +28,7 @@
 .\"     @(#)chroot.2	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
-.Dd June 4, 1993
+.Dd January 3, 2012
 .Dt CHROOT 2
 .Os
 .Sh NAME
@@ -134,9 +134,27 @@ The
 .Fn chroot
 system call appeared in
 .Bx 4.2 .
+It was marked as
+.Dq legacy
+in
+.St -susv2 ,
+and was removed in subsequent standards.
 .Sh BUGS
 If the process is able to change its working directory to the target
 directory, but another access control check fails (such as a check for
 open directories, or a MAC check), it is possible that this system
 call may return an error, with the working directory of the process
 left changed.
+.Sh SECURITY CONSIDERATIONS
+The system have many hardcoded paths to files where it may load after
+the process starts.
+It is generally recommended to drop privileges immediately after a
+successful
+.Nm
+call,
+and restrict write access to a limited subtree of the
+.Nm
+root,
+for instance,
+setup the sandbox so that the sandboxed user will have no write
+access to any well-known system directories.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201040204.q0424KwA054581>