kern.chroot_allow_open_directories
Pieter de Boer
pieter at thedarkside.nl
Thu Jul 19 18:00:00 UTC 2007
Stef Walter wrote:
> The chroot(2) man page describes a sysctl called
> 'kern.chroot_allow_open_directories' which controls whether a process
> can chroot() and is already subject to the chroot() syscall.
>
> It seems that this sysctl can be trivially changed from within a
> chroot'd process (ie: if that process has superuser privileges).
>
> Is this sysctl meant to prevent breaking out of a chroot? Or am I
> missing the point of 'kern.chroot_allow_open_directories'?
>
If the sysctl was set to 0 at the moment chroot() was called, then the
chroot() would have failed if the calling process had open directories
(that's what the sysctl is meant to do, if I'm understanding the source
right). If directories weren't open, the chroot() would work, but the
process would obviously not be able to open directories outside the
chroot after that, even if you'd set the sysctl to 1.
As I see it, there's no problem here, but could be wrong; chroot() is
tricky afaik..
--
Pieter
More information about the freebsd-security
mailing list