From: Andrey Chernov
To: Xin LI
Cc: freebsd-security@FreeBSD.ORG, Doug Barton
Date: Sun, 25 Dec 2011 14:04:58 +0400
Message-ID: <20111225100458.GA33652@vniz.net>
Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...

On Sat, Dec 24, 2011 at 09:14:44PM -0800, Xin LI wrote:
> - Must not break existing and legitimate use of chroot(2), in other
> words no semantics change permitted.

Later POSIX drops chroot() completely, so we can feel free of the bound of strong legitimacy. We already have many counterexamples (mainly related to issetugid()). F.e. we disable user locale files - disable functionality.

IMHO stopping thinking the way that chroot() is fully equivalent to the root hierarchy will be a good starting point here.

--
http://ache.vniz.net/