svn commit: r228843 - head/contrib/telnet/libtelnet
head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen
head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec...
Andrey Chernov
ache at FreeBSD.ORG
Sun Jan 15 11:35:41 UTC 2012
On Sun, Jan 15, 2012 at 02:44:35AM -0800, Xin LI wrote:
> Why do you need anything if the program needs to run something inside the
> chroot, which means one has already set up a full chroot environment?
1) ftpds usually do not allow running any program by default. The max default
set usually is: ls, tar, gzip, zip, compress and date. None of them can reset
the environment and so touch LD_SO_DISABLE. Some external programs can be
added to the ftpd config, but it is the responsibility of the admin to add not
unrar but /bin/sh there, i.e. footshooting.

2) It is an interesting question: what do other camps implement to prevent the
problem? I mean other *BSDs and Linuxes.

a) If they implement nothing, there is a possibility that this artificial
problem exists purely in our @secteam exalted minds, which can't review a
simple patch for >3 years but are always ready for some bit of
ugly and unneeded creativity. In that particular case it is due to
unwillingness to pass responsibility to the admin who creates the chroot()
environment.

b) If they implement something, why is there no mention of it in
your list of discussed ideas?

--
http://ache.vniz.net/