Is it possible to exit the chroot(2) environment?

Warner Losh imp at bsdimp.com
Sat Oct 17 00:12:19 UTC 2020


On Fri, Oct 16, 2020, 6:01 PM Yuri <yuri at rawbw.com> wrote:

> On 9/27/20 1:25 PM, Kyle Evans wrote:
> > +1. I think an additional sentence pointing out that that's the
> > traditional behavior would outline that this is perhaps what's needed,
> > maybe with a specific EPERM reference.
> >
> > It's tempting to also propose switching it to the even-more-strict 0
> > at some point, perhaps considering a procctl(2) if we really find some
> > scenarios where it's absolutely necessary... we'll leave that battle
> > to a different day, though.
>
>
> I have several questions though:
>
> 1) What does this check really guard against?
> kern.chroot_allow_open_directories=0 prevents chroot(2) when there are
> open directories, and kern.chroot_allow_open_directories=1 prevents exit
> from chrooted environment when there were open directories. But what is
> the benefit? The process opened some directories and holds open file
> handles. How can this interfere with chroot? What could go wrong that is
> prevented by this check?
>

Some users of chroot don't want to exit the chroot environment. It's more
of a security thing. This is a very different intended use pattern than
your case. That's why it's a knob: it is more secure by default.

One might ask if such a default makes sense in a jail world... that's a
fair question.

> 2) Why is there no similar check for open files? Why are directories
> special?
>

Open directories can lead to jailbreak. Special files generally can't.

Warner



> Thank you,
>
> Yuri
>
>
>
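An added example, not code from this thread or from FreeBSD: the process-side counterpart of the open-directory check discussed above, where a program finds and closes its own directory descriptors before calling chroot(2) so that no handle opened outside the new root survives the call. The helper names (`count_open_dirs`, `close_open_dirs`, `enter_chroot`) and the 65536 scan bound are assumptions of this example.

```c
#define _DEFAULT_SOURCE        /* exposes chroot(2) on glibc; ignored on FreeBSD */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Upper bound for the descriptor scan (bound chosen for this example). */
static long fd_limit(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    return (max < 0 || max > 65536) ? 65536 : max;
}

/* 1 if fd is open and refers to a directory, else 0. */
static int is_dir_fd(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Count the descriptors an open-directory check would object to. */
int count_open_dirs(void)
{
    long max = fd_limit();
    int n = 0;
    for (int fd = 0; fd < max; fd++)
        n += is_dir_fd(fd);
    return n;
}

/* Close every directory descriptor; returns how many were closed. */
int close_open_dirs(void)
{
    long max = fd_limit();
    int n = 0;
    for (int fd = 0; fd < max; fd++)
        if (is_dir_fd(fd) && close(fd) == 0)
            n++;
    return n;
}

/* Hypothetical helper: enter the new root holding no directory handles. */
int enter_chroot(const char *root)
{
    close_open_dirs();
    if (chroot(root) != 0)
        return -1;             /* errno says why, e.g. EPERM */
    return chdir("/");         /* the cwd is not a descriptor; move it inside */
}

int main(void) { printf("open directory fds: %d\n", count_open_dirs()); return 0; }
```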

