Re: Proposal: Enabling unprivileged chroot by default

Reply: Jason Bacon : "Re: Proposal: Enabling unprivileged chroot by default"
Reply: Darren Henderson : "Re: Proposal: Enabling unprivileged chroot by default"
In reply to: Ed Maste : "Proposal: Enabling unprivileged chroot by default"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Jordan Gordeev <jgopensource_at_proton.me>
Date: Tue, 05 Aug 2025 19:59:48 UTC

On Tuesday, 5 August 2025 at 17:58, Ed Maste <emaste@freebsd.org> wrote:

> I would like to change the default value of the
> security.bsd.unprivileged_chroot sysctl from 0 (disabled) to 1
> (enabled). 

If a system manager wants to allow unprivileged users to use chroot(8), they can easily allow that by setting the sysctl to 1 on their system. Taking that into account, what problem will changing the default solve?

Do the majority of FreeBSD users simultaneously:
  1) have a desire to use chroot(8) as an unprivileged user
  2) have no clue how to change a sysctl?

To further my understanding of the tradeoffs involved, I'd like to read the security review of this proposed change commissioned by the FreeBSD Foundation. Where can I find it?

Best regards,
Jordan Gordeev