[Bug 3715] safely_chroot is a little too restrictive: noexec or nosuid should be enough

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jul 31 14:56:18 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3715

--- Comment #7 from Joshua Hudson <joshudson at gmail.com> ---
One problem here is that statvfs() isn't specified to return ST_NOEXEC
and ST_NODEV https://pubs.opengroup.org/onlinepubs/9799919799/ and
indeed quite a few operating systems don't do it:

Correct: in my imagination autoconf would notice the constants aren't
in the header file or the header file doesn't exist and it just reverts
to the target directory must indeed be owned by root.

If the constants exist in the header file the and the OS doesn't return
the flags; well it fails safe.

My own man page is telling me to not call statfs().

I suppose I could do a #elif HAVE_STATFS here (and rearrange the code a
bit).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list