DragonFly BSD
DragonFly submit List (threaded) for 2005-01

Re: jls, jexec support


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 31 Jan 2005 10:09:55 -0800 (PST)

:On Mon, Jan 31, 2005 at 09:16:59AM -0800, Matthew Dillon wrote:
:>      That's one of the major features of the new namecache code.  The old
:>      namecache code was purely advisory... in fact, VFS's could bypass it
:>      (and did).  The new namecache code is fully integrated, mandatory,
:>      separated from the vnode algorithms, and cannot be bypassed.
:
:Do we still have to mess with the vnode in kern_chroot? Can we use
:the namespace entry of the new root directly for fdp->fd_rdir?
:
:Joerg

    I've considered that point several times but for now I think we have
    to keep the vnode as a security measure.  Otherwise the chroot directory
    can be rm -rf'd, a new directory with the same name can be created,
    and then the process's chroot will be in a different directory.

    In any case, the issue needs more thought.

					-Matt
					Matthew Dillon 
					<dillon@xxxxxxxxxxxxx>
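
Added example, not part of the original message and not DragonFly code: a user-space C analogy of the rebinding described in the reply above. The open directory descriptor stands in for the held vnode and the path string for a name-only reference; the scratch path and the function names are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the path and the open handle name the same directory object, -1 on error. */
static int same_object(const char *path, int fd)
{
    struct stat n, h;
    if (stat(path, &n) != 0 || fstat(fd, &h) != 0)
        return -1;
    return n.st_dev == h.st_dev && n.st_ino == h.st_ino;
}

/* Bit 0: name and handle agree before the swap. Bit 1: they still agree
 * after rmdir + mkdir of the same name. Returns -1 if setup fails. */
int root_binding_demo(void)
{
    char base[] = "/tmp/rootbind.XXXXXX";   /* constructed scratch location */
    char path[64];
    int fd, before, after;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/jail", base);
    /* The descriptor pins the directory object, as a held vnode would. */
    if (mkdir(path, 0700) != 0 || (fd = open(path, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    before = same_object(path, fd);
    /* Remove the directory, then create a new one with the same name. */
    if (rmdir(path) != 0 || mkdir(path, 0700) != 0)
        return -1;
    after = same_object(path, fd);
    close(fd);
    rmdir(path);
    rmdir(base);
    if (before < 0 || after < 0)
        return -1;
    return before | (after << 1);
}

int main(void)
{
    int r = root_binding_demo();
    printf("same before swap: %d, same after swap: %d\n", r & 1, (r >> 1) & 1);
    return r == 1 ? 0 : 1;
}
```

After the swap the name resolves to the new directory while the handle still refers to the original, now unlinked, one.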


