Date:      Mon, 12 Aug 2024 22:36:43 +0000
From:      bugzilla-noreply@freebsd.org
To:        jail@FreeBSD.org
Subject:   [Bug 277210] jail(8): exec.clean retrieves PWD from user info (can cause services to crash on jail start-up)
Message-ID:  <bug-277210-29815-A5KLMkfieM@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-277210-29815@https.bugs.freebsd.org/bugzilla/>
References:  <bug-277210-29815@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277210

--- Comment #16 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=5cf705491727dd963485f9911ee3d52c3bf148db

commit 5cf705491727dd963485f9911ee3d52c3bf148db
Author:     Jamie Gritton <jamie@FreeBSD.org>
AuthorDate: 2024-08-12 22:23:28 +0000
Commit:     Jamie Gritton <jamie@FreeBSD.org>
CommitDate: 2024-08-12 22:23:28 +0000

    jail: only chdir to user's home directory when user is specified

    jail(8) with the "exec.clean" parameter not only cleans the environment
    variables before running commands, but also changes to the user's home
    directory.  While this makes sense when a user is specified (via one of
    the exec.*_user parameters), it leads to all commands being run in the
    jail's /root directory even in the absence of an explicitly specified
    user.  This can lead to problems when e.g. rc scripts are run from that
    non-world-readable directory, and run counter to expectations that jail
    startup is analogous to system startup.

    Restrict this behaviour to only users explicitly specified, either via
    the command line or jail parameters, but not the implicit root user.
    While this changes long-standing practice, it's the more intuitive action.

    jexec(8) has the same problem, and the same fix.

    PR:             277210
    Reported by:    johannes.kunde at gmail
    Differential Revision:  https://reviews.freebsd.org/D46226

 usr.sbin/jail/command.c | 2 +-
 usr.sbin/jail/jail.8    | 7 ++++++-
 usr.sbin/jexec/jexec.8  | 7 ++++++-
 usr.sbin/jexec/jexec.c  | 2 +-
 4 files changed, 14 insertions(+), 4 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.


