fchroot(2) and others.

Jilles Tjoelker jilles+fbsd-arch at stack.nl
Sat Mar 27 16:04:16 PST 2004


On Sat, Mar 27, 2004 at 09:36:20PM +0100, Pawel Jakub Dawidek wrote:
> Are we interested in fchroot(2) syscall? It exists in NetBSD.

How's that better than chdir(CHROOTDIR); chroot("."); ?

NetBSD seems to have implemented it for SunOS/Solaris compatibility.

> If so, its implementation is in pjd_secure_syscalls branch or
> at:

> 	http://people.freebsd.org/~pjd/patches/secure_syscalls.patch

> I've also implemented safe versions of other syscalls:

> int flink(int fd, const char *link);

This means that you can access a file forever when you get a descriptor
on it once, which may not be desired. In any case, this gives more
rights than normal. You could mitigate this by requiring the caller to
own the file, or by following the same approach (fd+name) as in
funlink() and frename().

> int funlink(int fd, const char *path);
> int frename(int fd, const char *from, const char *to);

Looks good, but I don't really know whether it's worth the extra
syscalls. It's not much use if find -unlink doesn't use them.

> Maybe funlink(2) and frename(2) look weird, but it should work.
> The idea is that one cannot pass only a descriptor number to those
> functions, because they operate on file system object names,
> and there is no clean way to get a path name from a descriptor.

It's actually impossible to get the path name: there may be zero names,
or more than one.

-- 
Jilles Tjoelker

