Date:      Sun, 25 Dec 2011 14:04:58 +0400
From:      Andrey Chernov <ache@FreeBSD.ORG>
To:        Xin LI <delphij@gmail.com>
Cc:        freebsd-security@FreeBSD.ORG, Doug Barton <dougb@FreeBSD.ORG>
Subject:   Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Message-ID:  <20111225100458.GA33652@vniz.net>
In-Reply-To: <CAGMYy3uzLXMvw40q1hM9dnHGxxh%2BeO_8Y1nbNKsPSB_Aenmm7w@mail.gmail.com>
References:  <20111223175143.GJ50300@deviant.kiev.zoral.com.ua> <20111224100509.GA98136@vniz.net> <CAGMYy3s4YM-j165o9p%2BEDgMf0%2BaJq7gKj5yR=LK8_yfECnbtog@mail.gmail.com> <20111224103948.GA10939@vniz.net> <CAGMYy3vUMUi0ajADs2AdVRPfWQShmjfXDHfrKTFBmHGiNTWPFA@mail.gmail.com> <20111224105045.GA11127@vniz.net> <8E5EE6FA-7BA1-4590-843A-F5C3C0493E5B@FreeBSD.org> <CAGMYy3u3ixg0rh16JFwL00a%2BH-qGb60LTR2tLgCrRXfAhMrvFA@mail.gmail.com> <4EF6444F.6090708@FreeBSD.org> <CAGMYy3uzLXMvw40q1hM9dnHGxxh%2BeO_8Y1nbNKsPSB_Aenmm7w@mail.gmail.com>

On Sat, Dec 24, 2011 at 09:14:44PM -0800, Xin LI wrote:
>  - Must not break existing and legitimate use of chroot(2), in other
> words no semantics change permitted.

Later POSIX drops chroot() completely, so we can feel free of the bounds of
strong legitimacy.

We already have many counterexamples (mainly related to issetugid()).
E.g. we disable user locale files - disable functionality. IMHO, to
stop thinking that chroot() is fully equivalent to the
root hierarchy will be a good starting point here.

-- 
http://ache.vniz.net/


