svn commit: r228843 - head/contrib/telnet/libtelnet
head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen
head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Andrey Chernov
ache at FreeBSD.ORG
Sat Dec 24 10:57:22 UTC 2011
On Sat, Dec 24, 2011 at 02:50:45PM +0400, Andrey Chernov wrote:
> On Sat, Dec 24, 2011 at 02:45:21AM -0800, Xin LI wrote:
> > On Sat, Dec 24, 2011 at 2:39 AM, Andrey Chernov <ache at freebsd.org> wrote:
> > > On Sat, Dec 24, 2011 at 02:26:20AM -0800, Xin LI wrote:
> > >> chroot(2) can create legitimate and secure environment where dlopen(2)
> > >> is safe and necessary.
> > >
> > > Yes, so ischroot() check can be used only into that places where libc's
> > > libc_dlopen() currently used, i.e. placed into libc_dlopen() itself.
> >
> > So it's Okay to break NSS in chroot jail?
>
> We need general solution. We simple can't count all possible and future
> ftpd's arround the world and insert __FreeBSD_libc_enter_restricted_mode()
> into them. I even not mention other programs that may use chroot() too. If
> some component like auth is critical for chroot, it should be restricted
> in general scope.
To work in admin-think-safe environment we can add another syscall like
safe_chroot(1). When it is marked as safe, ischroot() will return 0.
--
http://ache.vniz.net/
More information about the svn-src-head
mailing list