tech-security archive


Relax the prohibition of usage fchdir(2) to quit a chroot



Hello,

There is a security feature in sys_fchdir [1] with the following comment: 
        /*  
         * Disallow changing to a directory not under the process's
         * current root directory (if there is one). 
         */

This feature actually kills functionality of i.e. misc/rpm with the '--root' 
feature.

Linux by default doesn't make this restriction, it's enabled i.e. with 
grsecurity [2].
I need to use this feature, without tools like fakechroot, so am I free to 
propose a patch swapping this feature on and off in runtime with sysctl?

My proposition is:
security.chroot.allow_fchdir_out_of_chroot (sorry I'm bad at brief names).

Maybe try to implement other chroot restrictions and make them swappable in 
runtime as well?

With regards,


[1] http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/vfs_syscalls.c?annotate=1.491
[2] http://en.wikipedia.org/wiki/Grsecurity#Chroot_restrictions

