[Bug 121073] [kernel] [patch] run chroot as an unprivileged user
bz-noreply at freebsd.org
bz-noreply at freebsd.org
Mon Jun 16 12:19:45 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=121073
Robert Watson <rwatson at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rwatson at FreeBSD.org
--- Comment #8 from Robert Watson <rwatson at FreeBSD.org> ---
A appreciate the desirability for the features implied by this change, but
given the propensity for vulnerabilities relating to chroot() in the past,
think we should take a very conservative approach to potentially adopting it.
There's a particular concern with how it interacts with non-UNIX-ID-based
models -- e.g., MAC, Capsicum, Audit, Jail, as well as a future fine-grained
privilege model.
Overall, I'd rate this proposed change as "extremely high risk; we will fix
multiple vulnerabilities in it in the future," and so that cost would need to
be carefully weighed against presumed benefit -- a fine-grained privilege model
in which PRIV_CHROOT is delegable to only specific users or roles would help
mitigate that risk.
I wonder if a more suitable name for the proposed P_NOSUGID would be
P_NOCREDCHANGE, and I also wonder if it should be CR_NOCREDCHANGE.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list