kern.chroot_allow_open_directories
Stef Walter
stef at memberwebs.com
Tue Jul 17 03:40:47 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The chroot(2) man page describes a sysctl called
'kern.chroot_allow_open_directories' which controls whether a process
can chroot() and is already subject to the chroot() syscall.
It seems that this sysctl can be trivially changed from within a
chroot'd process (ie: if that process has superuser privileges).
Is this sysctl meant to prevent breaking out of a chroot? Or am I
missing the point of 'kern.chroot_allow_open_directories'?
Cheers,
Stef
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGnC7+e/sRCNknZa8RAhaJAKCSioePX83kGugueXzjs8MSz3KN+wCgmzMl
FvJxyklaeTGOcN1NSjl/llY=
=mrWp
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list