Date: Sun, 22 Aug 2004 14:21:56 +0200
From: Pawel Jakub Dawidek
To: "Christian S.J. Peron"
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/ufs/ufs ufs_vnops.c

On Sun, Aug 22, 2004 at 02:03:41AM +0000, Christian S.J. Peron wrote:
+> csjp        2004-08-22 02:03:41 UTC
+>
+>   FreeBSD src repository
+>
+>   Modified files:
+>     sys/ufs/ufs          ufs_vnops.c
+>   Log:
+>   Currently, if the secure level is low enough, system flags can
+>   be manipulated by prison root. In 4.x prison root can not manipulate
+>   system flags, regardless of the security level. This behavior
+>   should remain consistent to avoid any surprises which could lead
+>   to security problems for system administrators which give out
+>   privileged access to jails.
+>
+>   This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
+>   to 0. This will prevent prison root from being able to manipulate
+>   system flags on files.
+>
+>   This may be a MFC candidate for RELENG_5.

In 5.x we are able to set securelevel per jail, so the jail's system
administrator can increase securelevel if he needs this behaviour.

I agree that we should stay consistent with 4.x; that's why we should put
this under some sysctl with a default value that keeps 4.x behaviour, but
it could be changed if the jail's system administrator wants to take
control over system flags.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
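
The three policies discussed in this thread (SUSER_ALLOWJAIL before the commit, 0 after it, and the sysctl proposed in the reply), as an added userland C model that is not FreeBSD kernel source and not code from either poster. The struct, the enum, the knob parameter, the rule that any securelevel above 0 blocks the change, and the use of the higher of the host and jail securelevels are assumptions made for illustration.

```c
/* Added example: userland model of the decision, not FreeBSD kernel code. */
#include <stdbool.h>
#include <stdio.h>

/* Constructed credential: only the fields this decision needs. */
struct cred_model {
    bool is_root;          /* effective uid 0 */
    bool jailed;           /* inside a jail ("prison root" if also root) */
    int  jail_securelevel; /* per-jail securelevel (5.x); unused if not jailed */
};

enum policy {
    POLICY_ALLOWJAIL, /* before the commit: suser_cred(cred, SUSER_ALLOWJAIL) */
    POLICY_DENYJAIL,  /* after the commit:  suser_cred(cred, 0) */
    POLICY_KNOB       /* reply's proposal: a sysctl decides (hypothetical knob) */
};

/* Assumption: a jailed process sees the higher of host and jail securelevel. */
static int effective_securelevel(const struct cred_model *c, int host_level)
{
    if (c->jailed && c->jail_securelevel > host_level)
        return c->jail_securelevel;
    return host_level;
}

/* Returns true when the caller may change system flags on a file.
 * Simplification (assumption): any securelevel above 0 blocks the change. */
bool may_change_sysflags(const struct cred_model *c, int host_level,
                         enum policy p, bool knob_allow_jail)
{
    if (!c->is_root)
        return false;
    if (c->jailed) {
        if (p == POLICY_DENYJAIL)
            return false;
        if (p == POLICY_KNOB && !knob_allow_jail)
            return false;  /* default keeps the 4.x behaviour */
    }
    return effective_securelevel(c, host_level) <= 0;
}

int main(void)
{
    struct cred_model prison_root = { true, true, -1 };  /* constructed sample */
    printf("before commit: %d\n", may_change_sysflags(&prison_root, -1, POLICY_ALLOWJAIL, false));
    printf("after commit:  %d\n", may_change_sysflags(&prison_root, -1, POLICY_DENYJAIL, false));
    printf("knob enabled:  %d\n", may_change_sysflags(&prison_root, -1, POLICY_KNOB, true));
    return 0;
}
```

With the knob enabled, a jail whose own securelevel has been raised above 0 is still refused, which is the per-jail control the reply refers to.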