tech-security archive
Re: Relax the prohibition of usage fchdir(2) to quit a chroot
Date: Sun, 21 Sep 2014 11:37:23 +0200
From: "Kamil Rytarowski" <n54%gmx.com@localhost>
My proposition is to add:
security.chroot.allow_fchdir_out_of_chroot = 0
security.chroot.allow_sysctl_inside_chroot = 1
It's not broken by 'the right design', but stops the job from being done.
A year passed after coming to the conclusion on how to work around
it... fix the kernel.
The kernel is not broken. Creating this security hole is ridiculous.
Fix the userland software -- it's not hard to structure right. If
rpm's code base is an unmaintainable mess, too bad.