chroot vs unveil

chroot vs unveil

Kevin Chadwick-4
I am considering replacing all chroot use with unveil in my processes even where
no filesystem access is required. Is there any guidance on whether that is the
best practice, where you only intend to run on OpenBSD?

Re: chroot vs unveil

Theo de Raadt-2
Kevin Chadwick <[hidden email]> wrote:

> I am considering replacing all chroot use with unveil in my processes even where
> no filesystem access is required.

I am discouraging this.

unveil is a complicated mechanism, and we may still discover a bug in
it.

Almost all the chroot in the tree are to empty unwriteable directories,
in which case chroot is very secure and a very simple mechanism.

Re: chroot vs unveil

Kevin Chadwick-4
>
>> I am considering replacing all chroot use with unveil in my processes even where
>> no filesystem access is required.
>
> I am discouraging this.
>
> unveil is a complicated mechanism, and we may still discover a bug in
> it.
>
> Almost all the chroot in the tree are to empty unwriteable directories,
> in which case chroot is very secure and a very simple mechanism.
>

I shall do the same then, thank you for the guidance.

Re: chroot vs unveil

whistlez-ml
In reply to this post by Theo de Raadt-2
On Thu, Feb 06, 2020 at 10:35:17AM -0700, Theo de Raadt wrote:

> Kevin Chadwick <[hidden email]> wrote:
>
> > I am considering replacing all chroot use with unveil in my processes even where
> > no filesystem access is required.
>
> I am discouraging this.
>
> unveil is a complicated mechanism, and we may still discover a bug in
> it.
>
> Almost all the chroot in the tree are to empty unwriteable directories,
> in which case chroot is very secure and a very simple mechanism.
>

You'd suggest the same for the browsers?
Thank you

Re: chroot vs unveil

Theo de Raadt-2
[hidden email] wrote:

> On Thu, Feb 06, 2020 at 10:35:17AM -0700, Theo de Raadt wrote:
> > Kevin Chadwick <[hidden email]> wrote:
> >
> > > I am considering replacing all chroot use with unveil in my processes even where
> > > no filesystem access is required.
> >
> > I am discouraging this.
> >
> > unveil is a complicated mechanism, and we may still discover a bug in
> > it.
> >
> > Almost all the chroot in the tree are to empty unwriteable directories,
> > in which case chroot is very secure and a very simple mechanism.
> >
>
> You'd suggest the same for the browsers?

they don't use chroot, and they cannot.

chroot is *only* available to root.
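
The pattern discussed in this thread (a root-started process that chroots into an empty, unwritable directory and then drops privileges), as an added example that is not part of the thread and not OpenBSD's own code. The function names, the ownership and mode checks, the `/var/empty` path and uid/gid 32767 are assumptions for illustration.

```c
#define _DEFAULT_SOURCE
#include <sys/stat.h>
#include <dirent.h>
#include <errno.h>
#include <grp.h>
#include <string.h>
#include <unistd.h>

enum { JAIL_OK, JAIL_STAT, JAIL_NOTDIR, JAIL_OWNER, JAIL_WRITABLE, JAIL_NOTEMPTY };

/* Accept only an empty, root-owned directory with no group/other write bits. */
int check_jail_dir(const char *dir)
{
    struct stat st;
    struct dirent *e;
    DIR *d;
    int rc = JAIL_OK;
    if (stat(dir, &st) == -1) return JAIL_STAT;
    if (!S_ISDIR(st.st_mode)) return JAIL_NOTDIR;
    if (st.st_uid != 0) return JAIL_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return JAIL_WRITABLE;
    if ((d = opendir(dir)) == NULL) return JAIL_STAT;
    while (rc == JAIL_OK && (e = readdir(d)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            rc = JAIL_NOTEMPTY;
    closedir(d);
    return rc;
}

/* chroot into dir, then permanently drop to uid/gid. Returns 0 or -1. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* chroot(2) is root-only; dropping "to" uid or gid 0 would drop nothing. */
    if (geteuid() != 0 || uid == 0 || gid == 0) {
        errno = EPERM;
        return -1;
    }
    if (check_jail_dir(dir) != JAIL_OK) { errno = EINVAL; return -1; }
    /* chdir after chroot so the working directory is inside the new root. */
    if (chroot(dir) == -1 || chdir("/") == -1) return -1;
    /* Order matters: supplementary groups and gid first, uid last. */
    if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    if (setuid(0) != -1) { errno = EPERM; return -1; } /* must not regain root */
    return 0;
}

int main(void)
{   /* Assumed jail path and account; substitute the daemon's own. */
    return enter_jail("/var/empty", 32767, 32767) == 0 ? 0 : 1;
}
```

A caller should treat any -1 from `enter_jail` as fatal and exit, since a failure after `chroot` leaves the process still running as root.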