[Midnightbsd-cvs] [MidnightBSD/src] cba12f: prowld: enforce root_directory as a chroot(2) boun...
Lucas Holt
noreply at github.com
Sun Apr 19 00:15:14 EDT 2026
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: cba12fe7b7c458eac7c1494f768eccc3b5edc972
https://github.com/MidnightBSD/src/commit/cba12fe7b7c458eac7c1494f768eccc3b5edc972
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
M sbin/prowld/supervisor.c
Log Message:
-----------
prowld: enforce root_directory as a chroot(2) boundary
root_directory was parsed and stored but child_setup_and_exec() never
called chroot(2), so services configured for filesystem isolation ran
with full host filesystem access — a false sense of containment.
Add chroot(job->root_directory) as the first operation in the child,
before drop_privileges(), since chroot(2) requires root. A chdir("/")
immediately follows to ensure the process cannot reach outside the new
root via a lingering CWD reference. working_directory is then applied
relative to the chroot root. Any chroot failure causes _exit(1) so the
service never starts with a weaker-than-configured isolation boundary.
AI-Assisted-by: Claude Sonnet 4.6
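An illustrative child-side setup that follows the ordering the commit message describes (chroot while still root, chdir("/"), working_directory relative to the new root, privilege drop, exec, and _exit(1) on any failure). This is an added example written for this list post, not the prowld code from supervisor.c; the struct job fields, the uid/gid arguments and the function names are assumptions.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Illustrative filesystem isolation step, modelled on the ordering in the
 * commit message; not prowld's own supervisor.c code.
 * Returns 0 on success, -1 on failure (the caller should _exit(1)). */
int setup_fs_isolation(const char *root_directory, const char *working_directory)
{
    if (root_directory != NULL) {
        /* chroot(2) needs root, so this runs before any privilege drop. */
        if (chroot(root_directory) == -1) {
            perror("chroot");
            return -1;
        }
        /* The CWD still refers to the old tree until we move it; a
         * relative path could otherwise walk out of the new root. */
        if (chdir("/") == -1) {
            perror("chdir /");
            return -1;
        }
    }
    /* working_directory is interpreted relative to the new root. */
    if (working_directory != NULL && chdir(working_directory) == -1) {
        perror("chdir working_directory");
        return -1;
    }
    return 0;
}

/* Hypothetical job description; field names follow the commit message. */
struct job {
    const char *root_directory;
    const char *working_directory;
    char *const *argv;
};

/* Sketch of the child path: isolate, drop privileges, exec. Any failure
 * ends the child so it never runs with weaker isolation than configured. */
void child_setup_and_exec(const struct job *job, uid_t uid, gid_t gid)
{
    if (setup_fs_isolation(job->root_directory, job->working_directory) == -1)
        _exit(1);
    /* Drop root only after chroot(2) has succeeded. */
    if (setgid(gid) == -1 || setuid(uid) == -1)
        _exit(1);
    execv(job->argv[0], job->argv);
    _exit(1); /* exec failed */
}
```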