[Bug 3715] safely_chroot is a little too restrictive: noexec or nosuid should be enough
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Jul 31 14:47:17 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3715
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
One problem here is that statvfs() isn't specified to return ST_NOEXEC
and ST_NODEV https://pubs.opengroup.org/onlinepubs/9799919799/ and
indeed quite a few operating systems don't do it:
https://man.freebsd.org/cgi/man.cgi?query=statvfs
https://man.openbsd.org/statvfs.3
https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/statvfs.3.html
https://docs.oracle.com/cd/E86824_01/html/E54765/statvfs-2.html
I thought it might be better to use statfs() here, which is specified
to offer this, even though it isn't POSIX but that comes with its own
problems as the f_flags isn't really specified there at all, e.g.
https://man.openbsd.org/statfs.2
Practically here, f_flags gets set to the mount flags as per
https://man.openbsd.org/mount.2 - most other operating systems document
this.
It's a pity that POSIX.1-2024 didn't improve statvfs(3)
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list