Is it possible to exit the chroot(2) environment?

Warner Losh imp at bsdimp.com
Sun Sep 27 20:15:52 UTC 2020


On Sun, Sep 27, 2020, 2:09 PM Kyle Evans <kevans at freebsd.org> wrote:

> On Sun, Sep 27, 2020 at 3:04 PM Yuri <yuri at rawbw.com> wrote:
> >
> > On 2020-09-27 12:56, Kyle Evans wrote:
> > > kern.chroot_allow_open_directories to some value that isn't 0 or 1.
> >
> >
> > It succeeds with kern.chroot_allow_open_directories=2.
> >
> >
>
> Ok, so Warner's proposal was correct and we've verified the semantics
> work out the same, this is simply a behavioral difference in that
> we're a little more strict -- presumably to make it less trivial to
> break out of a chroot.
>
> I suspect a default change for the sysctl/behavior is unlikely, your
> best bet to move forward is probably to work out if they really need
> to have dangling directories open and correct that if at all possible.
>

To be fair, we are more strict than Linux... but it is documented. Though
if there were some way to highlight that better, I'd be open to working
that in. Maybe a sentence on the 'any other value' paragraph talking about
traditional behavior...

Warner
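
Added example, not part of the original message and not FreeBSD code: one way to act on the advice quoted above and find directory descriptors left open before calling chroot(2), so the call does not depend on relaxing kern.chroot_allow_open_directories. The names open_directory_fds and strict_chroot are hypothetical, and the scan is capped at 65536 descriptors as an assumption.

```c
#define _DEFAULT_SOURCE 1   /* exposes chroot() on glibc; harmless on FreeBSD */
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Count descriptors that refer to directories; close them if asked. */
int open_directory_fds(int close_them)
{
    long max = sysconf(_SC_OPEN_MAX);
    int found = 0;

    if (max < 0 || max > 65536)
        max = 65536;                 /* bound the scan on huge limits */
    for (int fd = 0; fd < max; fd++) {
        struct stat st;
        if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode))
            continue;                /* not open, or not a directory */
        found++;
        fprintf(stderr, "fd %d is an open directory\n", fd);
        if (close_them)
            close(fd);
    }
    return found;
}

/* Hypothetical wrapper: refuse up front, whatever the sysctl is set to. */
int strict_chroot(const char *path)
{
    if (open_directory_fds(0) > 0) {
        errno = EPERM;               /* errno chroot(2) uses for open directories */
        return -1;
    }
    if (chroot(path) != 0)           /* needs root; fails with EPERM otherwise */
        return -1;
    return chdir("/");               /* do not keep a cwd outside the new root */
}

int main(void)
{
    int fd = open(".", O_RDONLY);    /* constructed: a leftover directory fd */
    if (fd < 0)
        return 1;
    if (strict_chroot("/") != 0)
        perror("strict_chroot");
    printf("closed %d directory descriptor(s)\n", open_directory_fds(1));
    return 0;
}
```

Running the scan with `close_them` set to 0 first shows which descriptors the program is holding, which is the information needed to decide whether they are required at all.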

_______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>