Date: Mon, 06 Aug 2018 16:22:17 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 223327] dhclient: close the pidfile before calling chroot(2)
Message-ID: <bug-223327-227-DddXQPQy2U@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-223327-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-223327-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223327

--- Comment #12 from commit-hook@freebsd.org ---
A commit references this bug:

Author: markj
Date: Mon Aug 6 16:22:02 UTC 2018
New revision: 337382
URL: https://svnweb.freebsd.org/changeset/base/337382

Log:
  dhclient: Don't chroot if we are in capability mode.

  The main dhclient process is Capsicumized but also chroots to restrict
  filesystem access. With r322369, pidfile(3) maintains a directory
  descriptor for the pidfile, which can cause the chroot to fail in
  certain cases. To minimize the problem, only chroot if we fail to
  enter capability mode, and store dhclient pidfiles in a subdirectory
  of /var/run, thus restricting access via pidfile(3)'s directory
  descriptor.

  PR: 223327
  Reviewed by: cem, oshogbo
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D16584

Changes:
  head/etc/mtree/BSD.var.dist
  head/sbin/dhclient/dhclient.8
  head/sbin/dhclient/dhclient.c
  head/sbin/init/rc.d/dhclient

-- 
You are receiving this mail because:
You are the assignee for the bug.
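
The ordering the commit log describes (try capability mode first, chroot only as a fallback), sketched as an added example; this is not code from the commit or from dhclient. The hook table, the names restrict_filesystem and run_case, the "/var/empty" path, and treating any cap_enter error other than ENOSYS as fatal are assumptions of the example.

```c
#include <errno.h>
#include <stdio.h>

enum sandbox { SB_CAPMODE, SB_CHROOT, SB_FAILED };

/* Hypothetical hook table so the ordering can be exercised without root. */
struct sandbox_ops {
	int (*enter_capmode)(void);
	int (*do_chroot)(const char *);
	int (*do_chdir)(const char *);
};

#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <unistd.h>
/* What a real daemon would pass: cap_enter(2), chroot(2), chdir(2). */
static const struct sandbox_ops real_ops = { cap_enter, chroot, chdir };
#endif

/* Runs after pidfile_open(3), so a directory descriptor may already be held. */
enum sandbox restrict_filesystem(const struct sandbox_ops *ops, const char *dir)
{
	if (ops->enter_capmode() == 0)
		return SB_CAPMODE;	/* sandboxed; chroot is skipped */
	if (errno != ENOSYS)
		return SB_FAILED;	/* assumption: unexpected error is fatal */
	if (ops->do_chroot(dir) != 0 || ops->do_chdir("/") != 0)
		return SB_FAILED;
	return SB_CHROOT;		/* kernel lacks Capsicum: fall back */
}

/* Constructed fakes standing in for the three kernel outcomes. */
int chroot_calls;
static int cap_ok(void) { return 0; }
static int cap_nosys(void) { errno = ENOSYS; return -1; }
static int cap_eperm(void) { errno = EPERM; return -1; }
static int fake_chroot(const char *d) { (void)d; chroot_calls++; return 0; }
static int fake_chdir(const char *d) { (void)d; return 0; }

enum sandbox run_case(int (*enter)(void))
{
	struct sandbox_ops ops = { enter, fake_chroot, fake_chdir };
	return restrict_filesystem(&ops, "/var/empty");
}

int main(void)
{
	enum sandbox a = run_case(cap_ok), b = run_case(cap_nosys), c = run_case(cap_eperm);
	printf("%d %d %d chroot_calls=%d\n", a, b, c, chroot_calls);
	return 0;
}
```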