-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The chroot(2) man page describes a sysctl called 'kern.chroot_allow_open_directories' which controls whether a process can chroot() and is already subject to the chroot() syscall. It seems that this sysctl can be trivially changed from within a chroot'd process (ie: if that process has superuser privileges). Is this sysctl meant to prevent breaking out of a chroot? Or am I missing the point of 'kern.chroot_allow_open_directories'? Cheers, Stef -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGnC7+e/sRCNknZa8RAhaJAKCSioePX83kGugueXzjs8MSz3KN+wCgmzMl FvJxyklaeTGOcN1NSjl/llY=mrWp -----END PGP SIGNATURE-----
Stef Walter <stef@memberwebs.com> writes:> The chroot(2) man page describes a sysctl called > 'kern.chroot_allow_open_directories' which controls whether a process > can chroot() and is already subject to the chroot() syscall. > > It seems that this sysctl can be trivially changed from within a > chroot'd process (ie: if that process has superuser privileges).That's what securelevels are for. DES -- Dag-Erling Sm?rgrav - des@des.no
Stef Walter wrote:> The chroot(2) man page describes a sysctl called > 'kern.chroot_allow_open_directories' which controls whether a process > can chroot() and is already subject to the chroot() syscall. > > It seems that this sysctl can be trivially changed from within a > chroot'd process (ie: if that process has superuser privileges). > > Is this sysctl meant to prevent breaking out of a chroot? Or am I > missing the point of 'kern.chroot_allow_open_directories'? >If the sysctl was set to 0 at the moment chroot() was called, then the chroot() would have failed if the calling process had open directories (that's what the sysctl is meant to do, if I'm understanding the source right). If directories weren't open, the chroot() would work, but the process would obviously not be able to open directories outside the chroot after that, even if you'd set the sysctl to 1. As I see it, there's no problem here, but could be wrong; chroot() is tricky afaik.. -- Pieter