From 3af6d22bb3850ab2bac67287e3a3d3b0e32868e5 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 21:41:07 +0200 Subject: Merging upstream version 6.7. Signed-off-by: Daniel Baumann --- man2/chroot.2 | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'man2/chroot.2') diff --git a/man2/chroot.2 b/man2/chroot.2 index d872b8a..bdba54f 100644 --- a/man2/chroot.2 +++ b/man2/chroot.2 @@ -10,7 +10,7 @@ .\" Modified 1997-08-21 by Joseph S. Myers .\" Modified 2004-06-23 by Michael Kerrisk .\" -.TH chroot 2 2023-04-03 "Linux man-pages 6.05.01" +.TH chroot 2 2023-10-31 "Linux man-pages 6.7" .SH NAME chroot \- change root directory .SH LIBRARY @@ -19,15 +19,15 @@ Standard C library .SH SYNOPSIS .nf .B #include -.PP +.P .BI "int chroot(const char *" path ); .fi -.PP +.P .RS -4 Feature Test Macro Requirements for glibc (see .BR feature_test_macros (7)): .RE -.PP +.P .BR chroot (): .nf Since glibc 2.2.2: @@ -43,12 +43,12 @@ changes the root directory of the calling process to that specified in .IR path . This directory will be used for pathnames beginning with \fI/\fP. The root directory is inherited by all children of the calling process. -.PP +.P Only a privileged process (Linux: one with the .B CAP_SYS_CHROOT capability in its user namespace) may call .BR chroot (). -.PP +.P This call changes an ingredient in the pathname resolution process and does nothing else. In particular, it is not intended to be used @@ -65,7 +65,7 @@ The easiest way to do that is to .BR chdir (2) to the to-be-moved directory, wait for it to be moved out, then open a path like ../../../etc/passwd. -.PP +.P .\" This is how the "slightly trickier variation" works: .\" https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt#L142 A slightly 
@@ -76,19 +76,19 @@ If a daemon allows a "chroot directory" to be specified, that usually means that if you want to prevent remote users from accessing files outside the chroot directory, you must ensure that folders are never moved out of it. -.PP +.P This call does not change the current working directory, so that after the call \[aq]\fI.\fP\[aq] can be outside the tree rooted at \[aq]\fI/\fP\[aq]. In particular, the superuser can escape from a "chroot jail" by doing: -.PP +.P .in +4n .EX mkdir foo; chroot foo; cd .. .EE .in -.PP +.P This call does not close open file descriptors, and such file descriptors may allow access to files outside the chroot tree. .SH RETURN VALUE @@ -148,13 +148,13 @@ A child process created via inherits its parent's root directory. The root directory is left unchanged by .BR execve (2). -.PP +.P The magic symbolic link, .IR /proc/ pid /root , can be used to discover a process's root directory; see .BR proc (5) for details. -.PP +.P FreeBSD has a stronger .BR jail () system call. -- cgit v1.2.3
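Review bot: the `.PP` to `.P` swap in every hunk from `@@ -19,15` onward is not shown to be complete for the file, because the hunks stop near line 94 (RETURN VALUE) and resume at line 148. The diffstat of 12 insertions and 12 deletions is accounted for by the `.TH` line plus eleven macro swaps, so any `.PP` in the unshown region would have been left behind. A quick search of man2/chroot.2 for `.PP` after the merge would confirm the page does not mix the two macros.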
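Review bot: in the `@@ -65,7` hunk, the roff comment that cites `https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-014-2015.txt#L142` uses a line anchor on the `master` branch, so the reference will point at the wrong text as soon as that file is edited. Since this line is already in the hunk context, consider raising upstream that the link be pinned to a commit permalink, or that the comment name the relevant section of the bulletin instead of a line number.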
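Review bot: in the `@@ -76,19` hunk, the paragraphs around `mkdir foo; chroot foo; cd ..` state that the call neither changes the current working directory nor closes open file descriptors, but nowhere in the visible text is the caller told what to do about either. A sentence after the `.EE` block saying that a program confining itself should change its working directory into the new root as part of the same sequence, and should close or audit directory file descriptors opened before the call, would give the reader the mitigation alongside the warning. The example is also written as shell commands on a section 2 page, so a short remark that it stands for the corresponding system calls would avoid confusion with the chroot command.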