Subject: Re: chroot jail for ftpd
To: None <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-kern
Date: 10/17/2001 19:17:49
In message <>Thor Lancelot Simon writes
>On Thu, Oct 18, 2001 at 11:51:06AM +1000, Simon Burge wrote:


>Christos persuaded me that I wasn't.  Why?  Well, you can create a shared
>library in one of the scratch filesystems and get it loaded using
>LD_LIBRARY_PATH or LD_PRELOAD when running an existing executable.
>Fixing this would require not allowing executable mappings if the backing
>vnode weren't executable.  I think that this is actually unquestionably
>correct, but because the original Sun implementation didn't require it,
>we will get zillions of complaints from people who say that we "broke
>shared libraries".

I didnt see any preceding context, but...

Sun had to deal too with legacy code which opened and read directories.
We could take the same approach as there: log a warning now,
disallow altogether in the next release.  Add a sysctl to disallow 
it now, and a config-time option for the paranoid.

(People relying on  securelevel build their own kernels, right?)