Subject: Re: chroot jail for ftpd
To: None <email@example.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 10/17/2001 19:17:49
In message <20011017220119.A13138@rek.tjls.com>Thor Lancelot Simon writes
>On Thu, Oct 18, 2001 at 11:51:06AM +1000, Simon Burge wrote:
>Christos persuaded me that I wasn't. Why? Well, you can create a shared
>library in one of the scratch filesystems and get it loaded using
>LD_LIBRARY_PATH or LD_PRELOAD when running an existing executable.
>Fixing this would require not allowing executable mappings if the backing
>vnode weren't executable. I think that this is actually unquestionably
>correct, but because the original Sun implementation didn't require it,
>we will get zillions of complaints from people who say that we "broke
I didnt see any preceding context, but...
Sun had to deal too with legacy code which opened and read directories.
We could take the same approach as there: log a warning now,
disallow altogether in the next release. Add a sysctl to disallow
it now, and a config-time option for the paranoid.
(People relying on securelevel build their own kernels, right?)