Ummm sorry but i think you have goten this backwards it is more secure to
chdir, then chrrot, not chroot then chdir.... I believe what you have here is
backwards
>
> As we all know, the chroot can be escaped because the sample
> program doesn't change the current working directory, and it's
> still pointing outside the chrooted area.
>
> What if chroot itself chdir'ed to it's new root directory? Would
> this break existing programs? I'd expect that well-behaved
> programs would chdir someplace useful before continuing anyway.
>
> At the very end of chroot(), could it just
> vrele(fdp->fd_cdir);
> fdp->fd_cdir = nd.ni_vp;
> before it returns, setting the current dir to the same place it
> just chrooted to?
>
> Carol
> --
> Carol Deihl - principal, Shrier and Deihl - mailto:[EMAIL PROTECTED]
> Remote Unix Network Admin, Security, Internet Software Development
> Tinker Internet Services - Superior FreeBSD-based Web Hosting
> http://www.tinker.com/
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
