Date:      Thu, 19 Jul 2007 19:35:13 +0200
From:      Pieter de Boer <pieter@thedarkside.nl>
To:        Stef Walter <stef@memberwebs.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: kern.chroot_allow_open_directories
Message-ID:  <469FA0D1.7000304@thedarkside.nl>
In-Reply-To: <20070717032204.09BA8D4F8E@mx.npubs.com>
References:  <20070717032204.09BA8D4F8E@mx.npubs.com>

Stef Walter wrote:

> The chroot(2) man page describes a sysctl called
> 'kern.chroot_allow_open_directories' which controls whether a process
> can chroot() and is already subject to the chroot() syscall.
> 
> It seems that this sysctl can be trivially changed from within a
> chroot'd process (ie: if that process has superuser privileges).
> 
> Is this sysctl meant to prevent breaking out of a chroot? Or am I
> missing the point of 'kern.chroot_allow_open_directories'?
> 
If the sysctl was set to 0 at the moment chroot() was called, then the 
chroot() would have failed if the calling process had open directories 
(that's what the sysctl is meant to do, if I'm understanding the source 
right). If directories weren't open, the chroot() would work, but the 
process would obviously not be able to open directories outside the 
chroot after that, even if you'd set the sysctl to 1.

As I see it, there's no problem here, but could be wrong; chroot() is 
tricky afaik..

-- 
Pieter
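
A pre-flight check of the condition discussed above, added here as an example and not part of the original message or of FreeBSD: it counts the directory descriptors the process holds and refuses to call chroot() while any are open, so the result does not depend on how the sysctl is set. The names `count_open_dir_fds`, `read_chroot_policy`, `guarded_chroot` and `FD_SCAN_CAP` are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif

#define FD_SCAN_CAP 65536 /* example cap so a huge descriptor limit cannot stall the scan */

/* Count descriptors in this process that refer to directories. */
int count_open_dir_fds(void) {
    long max = sysconf(_SC_OPEN_MAX);
    int n = 0;
    if (max < 0 || max > FD_SCAN_CAP)
        max = FD_SCAN_CAP;
    for (int fd = 0; fd < (int)max; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;
    }
    return n;
}

/* Read kern.chroot_allow_open_directories; -1 where the sysctl is unavailable. */
int read_chroot_policy(void) {
#ifdef __FreeBSD__
    int v;
    size_t len = sizeof(v);
    if (sysctlbyname("kern.chroot_allow_open_directories", &v, &len, NULL, 0) == 0)
        return v;
#endif
    return -1;
}

/* Enter the chroot only when no directory is open: -2 refused, -1 syscall error, 0 ok. */
int guarded_chroot(const char *jail_dir) {
    if (count_open_dir_fds() != 0)
        return -2;                 /* caller must close its directory fds first */
    if (chroot(jail_dir) != 0 || chdir("/") != 0)
        return -1;                 /* errno set by chroot(2) or chdir(2) */
    return 0;
}

int main(int argc, char **argv) {
    printf("policy=%d open_dirs=%d\n", read_chroot_policy(), count_open_dir_fds());
    return argc > 1 ? guarded_chroot(argv[1]) != 0 : 0;
}
```

Run without arguments it only reports the sysctl value and the number of open directories; given a directory argument (and superuser privileges) it attempts the guarded chroot.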
