Date: Tue, 23 Mar 1999 06:26:43 -0800 (PST) From: Poul-Henning Kamp <phk@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/lib/libc/sys chroot.2 src/sys/kern vfs_syscalls.c Message-ID: <199903231426.GAA62410@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
phk 1999/03/23 06:26:41 PST
Modified files:
lib/libc/sys chroot.2
sys/kern vfs_syscalls.c
Log:
Add a sysctl variable which can help stop chroot(2) escapes.
kern.chroot_allow_open_directories = 0
chroot(2) fails if there are open directories.
kern.chroot_allow_open_directories = 1 (default)
chroot(2) fails if there are open directories and the process
is subject of a previous chroot(2).
kern.chroot_allow_open_directories = anything else
filedescriptors are not checked. (old behaviour).
I'm very interested in reports about software which breaks when
running with the default setting.
Revision Changes Path
1.5 +29 -2 src/lib/libc/sys/chroot.2
1.121 +45 -1 src/sys/kern/vfs_syscalls.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903231426.GAA62410>