From: Benedict Reuschling
Date: Sun, 8 May 2011 12:16:39 +0000 (UTC)
To: cvs-src-old@freebsd.org
Subject: cvs commit: src/usr.sbin/jail jail.8
Message-Id: <201105081216.p48CGtnT092409@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

bcr         2011-05-08 12:16:39 UTC

  FreeBSD src repository

  Modified files:
    usr.sbin/jail        jail.8
  Log:
  SVN rev 221655 on 2011-05-08 12:16:39Z by bcr

  Jails have a problem in that if the jail directory is world-readable,
  an attacker with root access to the jail can create a setuid binary for
  their own use in the host environment (if they also have this access),
  thus breaking root in the host. This exploit is impossible if the jail's
  files are not world-readable.

  Add instructions to the man page on how to create a jail with the
  correct permissions set.

  PR:             docs/156853
  Submitted by:   Chris Rees (utisoft at gmail dot com)
  Reviewed by:    cperciva (security parts)
  MFC after:      9 days

  Revision  Changes    Path
  1.109     +6 -2      src/usr.sbin/jail/jail.8
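
The condition described in the log message can be checked from the host side. The script below is an added example, not part of the commit or of jail.8: its function names are hypothetical, it treats any permission bit for "other" on a jail root as exposure, and the mode 0700 it suggests is an assumed fix, since the man page wording is not shown here.

```sh
#!/bin/sh
# Added example, not from the FreeBSD commit: host-side audit of jail root
# directory permissions. Pass jail root paths as arguments; on a FreeBSD host
# `jls path` lists them. All function names here are hypothetical.

# Print the "other" permission triplet of a path, e.g. "r-x" or "---".
other_bits() {
    # ls -ld prints a mode string such as "drwxr-xr-x"; characters 8-10 are
    # the "other" triplet. -L follows a symlinked jail root. A sticky bit
    # without execute shows as "T" and grants nothing, so it becomes "-".
    ls -ldL -- "$1" | cut -c8-10 | tr 'T' '-'
}

# Exit status: 0 = closed to "other", 1 = exposed, 2 = not a directory.
jail_root_closed() {
    [ -d "$1" ] || return 2
    [ "$(other_bits "$1")" = "---" ]
}

# Report every path given and return the number that need attention.
audit_jails() {
    bad=0
    for root in "$@"; do
        st=0
        jail_root_closed "$root" || st=$?   # keeps working under `set -e`
        case $st in
            0) echo "OK       $root" ;;
            1) echo "EXPOSED  $root other=$(other_bits "$root") (assumed fix: chmod 0700)"
               bad=$((bad + 1)) ;;
            *) echo "ERROR    $root is not a directory"
               bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

if [ "$#" -gt 0 ]; then
    audit_jails "$@"
fi
```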