From owner-freebsd-security Mon Sep 27 13:41:58 1999
Message-ID: <37EFD638.528A5C9@tinker.com>
Date: Mon, 27 Sep 1999 15:40:24 -0500
From: Carol Deihl
Organization: Shrier and Deihl
To: Poul-Henning Kamp
Cc: Julian Elischer , freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: chroot could chdir? (was Re: about jail)
References: <19097.938417784@critter.freebsd.dk>

Poul-Henning Kamp wrote:
>
> In message , Julian Elischer writes:
> >I read it as her talking about chroot in general.

Yep, I was.

> We do. See source. :-)

Are you talking about the new jail() call only, or does this
apply to chroot() (especially in 3.2)?

(And I am looking in the source now, I'm just not too familiar
with it... :-) )

Carol

> >> >You have to examine ALL fd's in case one has a directory open that is
> >> >outside the chroot..
> >> >(see man fchdir(2))
> >>
> >> We do. See source.

--
Carol Deihl - principal, Shrier and Deihl - mailto:carol@tinker.com
Remote Unix Network Admin, Security, Internet Software Development
Tinker Internet Services - Superior FreeBSD-based Web Hosting
http://www.tinker.com/
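
The check discussed in this message (look at every open descriptor for a directory before entering a chroot, since such a descriptor can be passed to fchdir(2)) can be sketched in userland as follows. This is an added example, not part of the original message and not the FreeBSD kernel code the thread refers to; `sweep_dir_fds`, `careful_chroot`, the `max_fd` bound and the sample paths are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Scan descriptors [0, max_fd) and count those that refer to a directory.
 * With do_close != 0 each such descriptor is closed, so it can no longer
 * be handed to fchdir(2) after the root has changed. */
int sweep_dir_fds(int max_fd, int do_close)
{
    int found = 0;
    for (int fd = 0; fd < max_fd; fd++) {
        struct stat st;
        if (fstat(fd, &st) != 0)       /* EBADF: slot not in use */
            continue;
        if (!S_ISDIR(st.st_mode))      /* files, sockets, pipes are fine */
            continue;
        found++;
        if (do_close)
            close(fd);
    }
    return found;
}

/* Hypothetical wrapper: refuse to chroot while any directory descriptor
 * is open. Returns 0 on success, -1 on refusal or failure (chroot(2)
 * itself requires root). */
int careful_chroot(const char *newroot, int max_fd)
{
    if (sweep_dir_fds(max_fd, 0) > 0) {
        fprintf(stderr, "directory descriptor still open, refusing\n");
        return -1;
    }
    if (chdir(newroot) != 0 || chroot(newroot) != 0)
        return -1;
    return chdir("/");                 /* make cwd the new root */
}

int main(void)
{
    int fd = open("/", O_RDONLY);      /* constructed stray directory fd */
    printf("open dir fds: %d\n", sweep_dir_fds(1024, 0));
    printf("chroot with fd %d open: %d\n", fd, careful_chroot("/tmp", 1024));
    printf("closed: %d\n", sweep_dir_fds(1024, 1));
    printf("open dir fds now: %d\n", sweep_dir_fds(1024, 0));
    return 0;
}
```

The scan is bounded by `max_fd` rather than the process limit because that limit can be very large on some systems; a real caller would pick the bound to cover every descriptor it may hold.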