Date: Sun, 8 May 2011 12:16:39 +0000 (UTC) From: Benedict Reuschling <bcr@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/usr.sbin/jail jail.8 Message-ID: <201105081216.p48CGtnT092409@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
bcr 2011-05-08 12:16:39 UTC FreeBSD src repository Modified files: usr.sbin/jail jail.8 Log: SVN rev 221655 on 2011-05-08 12:16:39Z by bcr Jails have a problem in that if the jail directory is world-readable, an attacker with root access to the jail can create a setuid binary for their own use in the host environment (if they also have this access), thus breaking root in the host. This exploit is impossible if the jail's files are not world-readable. Add instructions to the man page on how to create a jail with the correct permissions set. PR: docs/156853 Submitted by: Chris Rees (utisoft at gmail dot com) Reviewed by: cperciva (security parts) MFC after: 9 days Revision Changes Path 1.109 +6 -2 src/usr.sbin/jail/jail.8
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105081216.p48CGtnT092409>