From owner-svn-src-stable@FreeBSD.ORG Thu Jul 28 02:47:37 2011 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC2D81065675; Thu, 28 Jul 2011 02:47:37 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-yi0-f54.google.com (mail-yi0-f54.google.com [209.85.218.54]) by mx1.freebsd.org (Postfix) with ESMTP id F11CB8FC0A; Thu, 28 Jul 2011 02:47:36 +0000 (UTC) Received: by yic13 with SMTP id 13so1942913yic.13 for ; Wed, 27 Jul 2011 19:47:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to; bh=0+ESv33P/Dx0OE0rDtj6WorplC+Dc+UbEmwC6GFG40g=; b=Nr5s2qOAGlf84i0yr5W/hl/6hbxbPp3w8LV9qrg0mvkFhpOf/EYGye00ws7/HvotBc O/vMQ7E9Tvu1VKNztzg1pab+FY/gkwsueZ3EIGC5Tm/Y5C6faG7eAXcDzJ1Yp1DWTlpX 2XJHHBoCU3b2ep9w2zWosDfeLsCtQN7WGK4VY= Received: by 10.42.28.194 with SMTP id o2mr434060icc.5.1311819561055; Wed, 27 Jul 2011 19:19:21 -0700 (PDT) Received: from DataIX.net (adsl-99-181-132-76.dsl.klmzmi.sbcglobal.net [99.181.132.76]) by mx.google.com with ESMTPS id v16sm326477ibf.42.2011.07.27.19.19.18 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 27 Jul 2011 19:19:19 -0700 (PDT) Sender: "J. Hellenthal" Received: from DataIX.net (localhost [127.0.0.1]) by DataIX.net (8.14.5/8.14.5) with ESMTP id p6S2JGXu091566 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 27 Jul 2011 22:19:16 -0400 (EDT) (envelope-from jhell@DataIX.net) Received: (from jhell@localhost) by DataIX.net (8.14.5/8.14.5/Submit) id p6S2JFdn091565; Wed, 27 Jul 2011 22:19:15 -0400 (EDT) (envelope-from jhell@DataIX.net) Date: Wed, 27 Jul 2011 22:19:14 -0400 From: Jason Hellenthal To: Glen Barber Message-ID: <20110728021914.GA55550@DataIX.net> References: <201107270156.p6R1uquD035835@svn.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG" Content-Disposition: inline In-Reply-To: <201107270156.p6R1uquD035835@svn.freebsd.org> Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org Subject: Re: svn commit: r224462 - stable/8/usr.sbin/jail X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jul 2011 02:47:37 -0000 --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 27, 2011 at 01:56:52AM +0000, Glen Barber wrote: > Author: gjb (doc committer) > Date: Wed Jul 27 01:56:52 2011 > New Revision: 224462 > URL: http://svn.freebsd.org/changeset/base/224462 >=20 > Log: > MFC 224286: > =20 > Document the potential for jail escape. > =20 > PR: 142341 >=20 > Modified: > stable/8/usr.sbin/jail/jail.8 > Directory Properties: > stable/8/usr.sbin/jail/ (props changed) >=20 > Modified: stable/8/usr.sbin/jail/jail.8 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- stable/8/usr.sbin/jail/jail.8 Tue Jul 26 20:51:58 2011 (r224461) > +++ stable/8/usr.sbin/jail/jail.8 Wed Jul 27 01:56:52 2011 (r224462) > @@ -34,7 +34,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd January 17, 2010 > +.Dd July 23, 2011 > .Dt JAIL 8 > .Os > .Sh NAME > @@ -913,3 +913,10 @@ Currently, the simplest answer is to min > offered on the host, possibly limiting it to services offered from > .Xr inetd 8 > which is easily configurable. > +.Sh NOTES > +Great care should be taken when managing directories visible within the = jail. > +For example, if a jailed process has its current working directory set t= o a > +directory that is moved out of the jail's chroot, then the process may g= ain > +access to the file space outside of the jail. > +It is recommended that directories always be copied, rather than moved, = out > +of a jail. How is either one of these different ? All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is still broken and a process is not going to just get up and move with it. On the other side though if you copied a pipe or socket or something similiar for example into a jail then it might make whatever is outside available to the jailed environment. Is there something I am misunderstanding about this ? has the way cp(1), rm(1) & mv(1) been changed recently ? or is this wording a little off ? --OgqxwSJOaUobr8KG Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) Comment: http://bit.ly/0x89D8547E iQEcBAEBAgAGBQJOMMcfAAoJEJBXh4mJ2FR+cJcH/A8lNW6rpTBgk7WgnOHO/grV kXcSIveh+MBkfoxt9F65Mt7RMroIXSpk2pvg9upNVjuMDNTfCkRuNnPK6NgwptDp BSq9bSzeQW08aQRwB0ARaaEyNpXJh0aqV4GkYHel9vBqNd6Jwc1dAtriIJIJQhgC rRRdtOJEJ2f1Xc5x1k0Ikg4vULxbvKlVhe1K92gHRJlf7I67TZstH1UsgsD9u/wh OvSj49Xh0ND0CzB5VY6imqvxLGCyc4a6F5vXdh/5uNfyWnkxXuT7MpFNmosoVCK4 qNHPzZuWHrhyqi4+bF8YjAm8ZfdtMNbaHRiH+u7QVp/xmjVA4G/JnuZtthIOeYY= =pela -----END PGP SIGNATURE----- --OgqxwSJOaUobr8KG--