Date: Tue, 17 Jul 2007 03:22:04 +0000 (UTC) From: Stef Walter <stef@memberwebs.com> To: freebsd-security@freebsd.org Subject: kern.chroot_allow_open_directories Message-ID: <20070717032204.09BA8D4F8E@mx.npubs.com>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The chroot(2) man page describes a sysctl called 'kern.chroot_allow_open_directories' which controls whether a process can chroot() and is already subject to the chroot() syscall. It seems that this sysctl can be trivially changed from within a chroot'd process (ie: if that process has superuser privileges). Is this sysctl meant to prevent breaking out of a chroot? Or am I missing the point of 'kern.chroot_allow_open_directories'? Cheers, Stef -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGnC7+e/sRCNknZa8RAhaJAKCSioePX83kGugueXzjs8MSz3KN+wCgmzMl FvJxyklaeTGOcN1NSjl/llY= =mrWp -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070717032204.09BA8D4F8E>