[Bug 3715] safely_chroot is a little too restrictive: noexec or nosuid should be enough
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Jul 31 16:03:10 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3715
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3828|0 |1
is obsolete| |
--- Comment #8 from Damien Miller <djm at mindrot.org> ---
Created attachment 3829
--> https://bugzilla.mindrot.org/attachment.cgi?id=3829&action=edit
try statvfs and statfs
Something like this could work, though I think we'll need a few
opinions on whether this is safe at all.
Personally I'm not convinced - there's a fair bit of stuff in /etc that
can be referenced quite late in a program's execution and I don't trust
that libc has been sufficiently hardened against an adversarial /etc
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list