From owner-svn-src-stable@FreeBSD.ORG Thu Jul 28 03:36:36 2011
In-Reply-To: <20110728021914.GA55550@DataIX.net>
References: <201107270156.p6R1uquD035835@svn.freebsd.org> <20110728021914.GA55550@DataIX.net>
Date: Wed, 27 Jul 2011 23:08:31 -0400
From: Ben Kaduk
To: Jason Hellenthal
Cc: Glen Barber, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject: Re: svn commit: r224462 - stable/8/usr.sbin/jail
List-Id: SVN commit messages for all the -stable branches of the src tree

On Wed, Jul 27, 2011 at 10:19 PM, Jason Hellenthal wrote:
>
>
> On Wed, Jul 27, 2011 at 01:56:52AM +0000, Glen Barber wrote:
>> Author: gjb (doc committer)
>> Date: Wed Jul 27 01:56:52 2011
>> New Revision: 224462
>> URL: http://svn.freebsd.org/changeset/base/224462
>>
>> Log:
>>   MFC 224286:
>>
>>   Document the potential for jail escape.
>>
>>   PR:         142341
>>
>> Modified:
>>   stable/8/usr.sbin/jail/jail.8
>> Directory Properties:
>>   stable/8/usr.sbin/jail/   (props changed)
>>
>> Modified: stable/8/usr.sbin/jail/jail.8 >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D >> --- stable/8/usr.sbin/jail/jail.8 =A0 =A0 Tue Jul 26 20:51:58 2011 =A0 = =A0 =A0 =A0(r224461) >> +++ stable/8/usr.sbin/jail/jail.8 =A0 =A0 Wed Jul 27 01:56:52 2011 =A0 = =A0 =A0 =A0(r224462) >> @@ -34,7 +34,7 @@ >> =A0.\" >> =A0.\" $FreeBSD$ >> =A0.\" >> -.Dd January 17, 2010 >> +.Dd July 23, 2011 >> =A0.Dt JAIL 8 >> =A0.Os >> =A0.Sh NAME 
>> @@ -913,3 +913,10 @@ Currently, the simplest answer is to min >> =A0offered on the host, possibly limiting it to services offered from >> =A0.Xr inetd 8 >> =A0which is easily configurable. >> +.Sh NOTES >> +Great care should be taken when managing directories visible within the= jail. >> +For example, if a jailed process has its current working directory set = to a >> +directory that is moved out of the jail's chroot, then the process may = gain >> +access to the file space outside of the jail. >> +It is recommended that directories always be copied, rather than moved,= out >> +of a jail. 
>
> How is either one of these different?
>
> All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is

This is not always true when the source and destination live on the
same filesystem. See rename(2). Via VOP_RENAME, individual
filesystems can override this behavior if needed (e.g. for AFS where
permissions are per-directory, so a cross-directory copy would return
EXDEV).

-Ben Kaduk

> still broken and a process is not going to just get up and move with it.
> On the other side though if you copied a pipe or socket or something
> similar for example into a jail then it might make whatever is outside
> available to the jailed environment.
>
> Is there something I am misunderstanding about this? Has the way cp(1),
> rm(1) & mv(1) been changed recently? Or is this wording a little off?
>
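Review bot: The new NOTES text in the hunk at @@ -913,3 +913,10 @@ recommends copying rather than moving but never says why the two differ, which is exactly the question raised in the reply quoted above. Suggest adding one sentence after "access to the file space outside of the jail." stating that a move within a single file system is a rename(2), so the directory a jailed process holds as its current working directory is the same directory at its new location, whereas a copy creates new directories and leaves the process's working directory inside the jail. It would also help to say that the move in question is one performed from the host, since "moved out of the jail's chroot" does not name who does the moving.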
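The difference discussed in this thread, as an added example that is not part of the original message or of FreeBSD's sources: within one file system, rename(2) relocates the directory itself, so a process whose current working directory is that directory ends up wherever it was moved, while a copy creates a separate directory. The scratch paths under /tmp and the function names `cwd_is` and `cwd_follows` are assumptions made for the illustration; no jail is involved.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the process's cwd and `path` are the same directory (device + inode). */
static int cwd_is(const char *path)
{
    struct stat a, b;
    if (stat(".", &a) != 0 || stat(path, &b) != 0)
        return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/*
 * Constructed scratch tree under /tmp; "jailroot" is only a directory name.
 * copy == 0: move jailroot/work with rename(2), as mv(1) does within one file
 * system. copy != 0: create a new directory outside instead, as cp(1) would.
 * Returns 1 if this process's cwd is then outside/work, 0 if not, -1 on error.
 */
int cwd_follows(int copy)
{
    char top[] = "/tmp/jailnote.XXXXXX";
    char root[PATH_MAX], in[PATH_MAX], outdir[PATH_MAX], out[PATH_MAX];
    int result;

    if (mkdtemp(top) == NULL)
        return -1;
    snprintf(root, sizeof root, "%s/jailroot", top);
    snprintf(in, sizeof in, "%s/jailroot/work", top);
    snprintf(outdir, sizeof outdir, "%s/outside", top);
    snprintf(out, sizeof out, "%s/outside/work", top);
    if (mkdir(root, 0700) || mkdir(in, 0700) || mkdir(outdir, 0700) || chdir(in))
        return -1;   /* on success the cwd is now jailroot/work */
    if (copy ? mkdir(out, 0700) : rename(in, out))
        return -1;
    result = cwd_is(out);
    if (chdir("/") != 0)
        result = -1;
    rmdir(in); rmdir(out); rmdir(outdir); rmdir(root); rmdir(top);
    return result;
}

int main(void)
{
    printf("rename: %d, copy: %d\n", cwd_follows(0), cwd_follows(1));
    return 0;
}
```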