Subject: Re: i386 IO access and chroot()
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 07/17/2001 15:58:54
>  (I do not even think that the fchdir() checks should be done. I've used
>used the fact that you can fchdir() out of the chroot in some applications)

from vfs_syscalls.c:

     1 /* $NetBSD: vfs_syscalls.c,v 1.167 2001/06/28 08:04:18 jdolecek Exp $ */
...
   765 sys_fchdir(p, v, retval)
...
   807  /*
   808   * Disallow changing to a directory not under the process's
   809   * current root directory (if there is one).
   810   */
   811  if (cwdi->cwdi_rdir && !vn_isunder(vp, NULL, p)) {
   812   vrele(vp);
   813   error = EPERM; /* operation not permitted */
   814   goto out;
   815  }

so you can't do that here.  not since march '99.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."