Hello,
I was wrong with openat() syscall, portmap daemon holds no open
directories outside chroot dir. But access to files outside /var/empty
is much easier -- use regular open(2) and relative pathnames.
Proof:
# lsof -n -p 7892
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 7892 daemon cwd DIR 9,1 4096 2 /
portmap 7892 daemon rtd DIR 9,1 4096 295046 /var/empty
...
# gdb -p 7892
...
(gdb) print creat("./tmp/aaaa",0)
$1 = 8
(gdb) shell ls -l /tmp/aaaa
---------- 1 daemon daemon 0 Sep 3 15:32 /tmp/aaaa
So, no security benefits from chroot(2).
Regards,
Kupson
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]