[Midnightbsd-cvs] [MidnightBSD/src] c515c2: prowld.8: document root_directory chroot enforceme...
Lucas Holt
noreply at github.com
Sun Apr 19 00:16:12 EDT 2026
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: c515c2cb99c2044dbc132718f2f950329045cf55
https://github.com/MidnightBSD/src/commit/c515c2cb99c2044dbc132718f2f950329045cf55
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
M sbin/prowld/prowld.8
Log Message:
-----------
prowld.8: document root_directory chroot enforcement and ordering

Expand the root_directory field description to reflect the actual
implementation: chroot(2) is called as root before privilege drop,
chdir("/") follows immediately to prevent CWD-based escapes, and
working_directory is then interpreted relative to the chroot root.

Note that chroot failure aborts the service start, and add a security
note that root inside a chroot can escape — recommend pairing with
the user field.

AI-Assisted-by: Claude Sonnet 4.6
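
The ordering the log message describes, sketched in C as an added example; it is not prowld's code. `enter_sandbox`, the `sb_result` codes, the refusal of uid 0 and the sample values in `main` are assumptions of the example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes chroot(2) and setgroups(2) on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Which step failed; any value other than SB_OK must abort the service start. */
enum sb_result { SB_OK, SB_ROOT_UID, SB_CHROOT, SB_CHDIR_ROOT, SB_WORKDIR, SB_DROP };

/* Hypothetical helper, meant to run as root in the forked child before exec. */
enum sb_result
enter_sandbox(const char *root_directory, const char *working_directory,
    uid_t uid, gid_t gid)
{
	/* Example policy: root inside a chroot can escape, so require a user. */
	if (uid == 0)
		return SB_ROOT_UID;
	/* 1. chroot(2) needs root, so it comes before the privilege drop. */
	if (chroot(root_directory) != 0)
		return SB_CHROOT;
	/* 2. chroot(2) leaves the CWD alone; move it inside the new root. */
	if (chdir("/") != 0)
		return SB_CHDIR_ROOT;
	/* 3. working_directory now resolves relative to the chroot root. */
	if (working_directory != NULL && chdir(working_directory) != 0)
		return SB_WORKDIR;
	/* 4. Drop supplementary groups, then gid, then uid (uid last). */
	if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
		return SB_DROP;
	/* 5. Confirm root cannot be regained. */
	if (setuid(0) == 0)
		return SB_DROP;
	return SB_OK;
}

int
main(void)
{
	/* Constructed sample values: /var/empty as root, uid/gid 65534. */
	enum sb_result r = enter_sandbox("/var/empty", "/", 65534, 65534);

	printf("enter_sandbox: %d\n", (int)r);
	return r == SB_OK ? 0 : 1;
}
```

Run as root, the program reports 0 only when every step succeeded; run unprivileged, it stops at the chroot step and changes nothing.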