On Thu, Jul 19, 2007 at 08:34:29PM +0000, Stef Walter wrote: > Pieter de Boer wrote: > >> Is this sysctl meant to prevent breaking out of a chroot? Or am I > >> missing the point of 'kern.chroot_allow_open_directories'? > >> > > If the sysctl was set to 0 at the moment chroot() was called, then the > > chroot() would have failed if the calling process had open directories > > (that's what the sysctl is meant to do, if I'm understanding the source > > right). If directories weren't open, the chroot() would work, but the > > process would obviously not be able to open directories outside the > > chroot after that, even if you'd set the sysctl to 1. > > > > As I see it, there's no problem here, but could be wrong; chroot() is > > tricky afaik.. > > Yes, it sure is. > > However if a root process inside the chroot jail reset that sysctl, > after which it seems it could perform the usual break out thingy: > > http://www.bpfh.net/simes/computing/chroot-break.html > > I guess what I was wondering, is if FreeBSD is in fact immune to this > attack, and whether it makes sense to chroot superuser processes on FreeBSD.
Superuser running inside chroot(2) has many ways to escape. You bascially gain no additional security in chrooting a process that will continue to operate with privileges. You should either chroot and drop privileges or use jail(2). -- Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am!
pgprQQSmvUSho.pgp
Description: PGP signature
