svn commit: r228843 - head/contrib/telnet/libtelnet
head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen
head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Andrey Chernov
ache at FreeBSD.ORG
Sun Dec 25 10:16:17 UTC 2011
On Sat, Dec 24, 2011 at 09:14:44PM -0800, Xin LI wrote:
> - Must not break existing and legitimate use of chroot(2), in other
> words no semantics change permitted.
Later POSIX drops chroot() completely, so we can feel free of the bounds of
the strong legitimacy.
We already have many counterexamples (mainly related to issetugid()).
F.e. we disable user locale files - disable functionality. IMHO
stopping thinking that chroot() is fully equivalent to the
root hierarchy will be a good starting point here.
--
http://ache.vniz.net/