Date: Tue, 29 Sep 2020 18:13:54 +0000 (UTC)
From: Warner Losh <imp@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r366266 - head/lib/libc/sys
Message-ID: <202009291813.08TIDsbP089154@repo.freebsd.org>
Author: imp Date: Tue Sep 29 18:13:54 2020 New Revision: 366266 URL: https://svnweb.freebsd.org/changeset/base/366266 Log: Updates to chroot(2) docs 1. Note what settings give historic behavior 2. Recommend jail under security considerations. Modified: head/lib/libc/sys/chroot.2 Modified: head/lib/libc/sys/chroot.2 ============================================================================== --- head/lib/libc/sys/chroot.2 Tue Sep 29 18:06:02 2020 (r366265) +++ head/lib/libc/sys/chroot.2 Tue Sep 29 18:13:54 2020 (r366266) @@ -28,7 +28,7 @@ .\" @(#)chroot.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 26, 2020 +.Dd September 29, 2020 .Dt CHROOT 2 .Os .Sh NAME @@ -91,7 +91,10 @@ system call. .Pp Any other value for .Ql kern.chroot_allow_open_directories -will bypass the check for open directories +will bypass the check for open directories, +mimicking the historic insecure behavior of +.Fn chroot +still present on other systems. .Sh RETURN VALUES .Rv -std .Sh ERRORS @@ -156,3 +159,7 @@ root, for instance, setup the sandbox so that the sandboxed user will have no write access to any well-known system directories. +.Pp +For complete isolation from the rest of the system, use +.Xr jail 2 +instead.
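Review bot: In the hunk at @@ -91,7 +91,10 @@, the added clause "mimicking the historic insecure behavior" calls the behavior insecure without saying what the risk is, and "still present on other systems" is unspecific and will go stale. Suggest a short clause stating why skipping the open-directory check matters, or a pointer to the security considerations text that the log message mentions, and either dropping the comparison to other systems or qualifying it.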
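Review bot: In the hunk at @@ -156,3 +159,7 @@, "For complete isolation from the rest of the system" is an absolute claim that the page gives the reader no way to verify. A wording such as "For stronger isolation" is easier to defend, and one clause saying what chroot leaves unconfined would tell the reader when the switch to jail is needed. No hunk in this change adds jail 2 to SEE ALSO, so check that the new .Xr is also listed there.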