diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2015-01-22 20:44:06 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2015-01-22 20:44:06 +0000 |
commit | fa61a7e1e13d07e7dece12b08acdad203063a97d (patch) | |
tree | 23afb491ca2b3ad5fbae96edf264de26b03bef84 /lib/libc | |
parent | 6c2c9cff4c91c0b9cae71bfbab93f3beb1b99a7d (diff) |
Document that changes made to the directory hierarchy of the chroot
jail may inadvertanly allow a process to escape. Also mention the
problem of directory fd passing. Based on a diff from deraadt@
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/sys/chroot.2 | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/libc/sys/chroot.2 b/lib/libc/sys/chroot.2 index d1d02922df1..2a0435e8945 100644 --- a/lib/libc/sys/chroot.2 +++ b/lib/libc/sys/chroot.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: chroot.2,v 1.21 2015/01/19 15:54:11 millert Exp $ +.\" $OpenBSD: chroot.2,v 1.22 2015/01/22 20:44:05 millert Exp $ .\" $NetBSD: chroot.2,v 1.7 1995/02/27 12:32:12 cgd Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)chroot.2 8.1 (Berkeley) 6/4/93 .\" -.Dd $Mdocdate: January 19 2015 $ +.Dd $Mdocdate: January 22 2015 $ .Dt CHROOT 2 .Os .Sh NAME @@ -116,3 +116,8 @@ system call first appeared in .At v7 . .Sh CAVEATS There are ways for a root process to escape from the chroot jail. +Changes to the directory hierarchy made from outside the chroot jail +may allow a restricted process to escape, even if it is unprivileged. +Passing directory file descriptors via +.Xr recvmsg 2 +from outside the chroot jail may also allow a process to escape. |