
Re: chroot() break



matthew patton <mep@netsec.net> writes:

> On Wed, 23 May 2001, Bill Larson wrote:
> 
> > It may not be directly applicable to OpenBSD, but it is a general
> > reference/analysis for chroot operations at
> > <http://www.bpfh.net/simes/computing/chroot-break.html>.  Take a look
> > and determine your level of concern.
> 
> and what's stopping OpenBSD from doing the same thing that FreeBSD does
> (i.e. fail if open file descriptor)? Seems straightforward to me.

Why bother? root has many more ways to escape a chroot. Closing all those
possibilities would mean that root would lose all his privileges while in
chroot and then it's pointless to be root anyway.

//art
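
The two positions in this thread, put side by side as an added example that is not part of the original messages: a check for open descriptors before chroot(), followed by giving up root afterwards. It assumes "open file descriptor" means a descriptor that refers to a directory; `guarded_chroot`, `count_open_dir_fds` and `FD_SCAN_MAX` are hypothetical names, not OpenBSD or FreeBSD interfaces.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* chroot() and setgroups() prototypes on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed upper bound for the scan; descriptors above it are not examined. */
#define FD_SCAN_MAX (1L << 20)

/* Count descriptors in this process that refer to directories. A directory
 * descriptor held across chroot() still names a location outside the new root. */
int count_open_dir_fds(void)
{
    long limit = sysconf(_SC_OPEN_MAX);
    int n = 0;

    if (limit < 0 || limit > FD_SCAN_MAX)
        limit = FD_SCAN_MAX;
    for (long fd = 0; fd < limit; fd++) {
        struct stat st;
        if (fstat((int)fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;
    }
    return n;
}

/* guarded_chroot() is a hypothetical wrapper, not an OpenBSD or FreeBSD API.
 * It refuses to chroot while a directory descriptor is open, moves the working
 * directory inside the new root, then gives up root for good. */
int guarded_chroot(const char *dir, uid_t uid, gid_t gid)
{
    if (count_open_dir_fds() > 0) {
        errno = EPERM;
        return -1;
    }
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups and gid first, uid last. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return 0;
}
```

The descriptor check covers only one route; the privilege drop at the end is what removes the remaining abilities that root keeps inside a chroot.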