kern.chroot_allow_open_directories
Dag-Erling Smørgrav
des at des.no
Thu Jul 19 10:19:21 UTC 2007
Stef Walter <stef at memberwebs.com> writes:
> The chroot(2) man page describes a sysctl called
> 'kern.chroot_allow_open_directories' which controls whether a process
> can chroot() and is already subject to the chroot() syscall.
>
> It seems that this sysctl can be trivially changed from within a
> chroot'd process (ie: if that process has superuser privileges).
That's what securelevels are for.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list