search for: chroot_allow_open_directori

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The chroot(2) man page describes a sysctl called 'kern.chroot_allow_open_directories' which controls whether a process can chroot() and is already subject to the chroot() syscall. It seems that this sysctl can be trivially changed from within a chroot'd process (ie: if that process has superuser privileges). Is this sysctl meant to prevent breaking out of a chroot? Or a...

I suspect this has been asked before but I'll ask anyway. Q1: Is it possible for a non-root process to perform a chroot? My interest is this: I have a typical ISP hosting account (verio; on a FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet protect myself (and my email, and my .ssh keys) from bugs being exploited in those CGI packages. Chroot at the start

...undrobin_enabled: 1 kern.nselcoll: 0 kern.drainwait: 300 kern.tty_nin: 41 kern.tty_nout: 4198 kern.console: consolectl,/ttyd0,consolectl, kern.consmute: 0 kern.consmsgbuf_size: 8192 kern.constty_wakeups_per_second: 5 kern.filedelay: 30 kern.dirdelay: 29 kern.metadelay: 28 kern.minvnodes: 25000 kern.chroot_allow_open_directories: 1 kern.rpc.retries: 0 kern.rpc.request: 0 kern.rpc.timeouts: 0 kern.rpc.unexpected: 0 kern.rpc.invalid: 0 kern.random.yarrow.gengateinterval: 10 kern.random.yarrow.bins: 10 kern.random.yarrow.fastthresh: 192 kern.random.yarrow.slowthresh: 256 kern.random.yarrow.slowoverthresh: 2 kern.random.sys....