Stef Walter <[EMAIL PROTECTED]> writes: > The chroot(2) man page describes a sysctl called > 'kern.chroot_allow_open_directories' which controls whether a process > can chroot() and is already subject to the chroot() syscall. > > It seems that this sysctl can be trivially changed from within a > chroot'd process (ie: if that process has superuser privileges).
That's what securelevels are for. DES -- Dag-Erling Smørgrav - [EMAIL PROTECTED] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
