svn commit: r366266 - head/lib/libc/sys
Warner Losh
imp at FreeBSD.org
Tue Sep 29 18:13:54 UTC 2020
Author: imp
Date: Tue Sep 29 18:13:54 2020
New Revision: 366266
URL: https://svnweb.freebsd.org/changeset/base/366266
Log:
Updates to chroot(2) docs
1. Note what settings give historic behavior
2. Recommend jail under security considerations.
Modified:
head/lib/libc/sys/chroot.2
Modified: head/lib/libc/sys/chroot.2
==============================================================================
--- head/lib/libc/sys/chroot.2 Tue Sep 29 18:06:02 2020 (r366265)
+++ head/lib/libc/sys/chroot.2 Tue Sep 29 18:13:54 2020 (r366266)
@@ -28,7 +28,7 @@
.\" @(#)chroot.2 8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
-.Dd June 26, 2020
+.Dd September 29, 2020
.Dt CHROOT 2
.Os
.Sh NAME
@@ -91,7 +91,10 @@ system call.
.Pp
Any other value for
.Ql kern.chroot_allow_open_directories
-will bypass the check for open directories
+will bypass the check for open directories,
+mimicking the historic insecure behavior of
+.Fn chroot
+still present on other systems.
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
@@ -156,3 +159,7 @@ root,
for instance,
setup the sandbox so that the sandboxed user will have no write
access to any well-known system directories.
+.Pp
+For complete isolation from the rest of the system, use
+.Xr jail 2
+instead.
More information about the svn-src-head
mailing list