Date: Wed, 27 Jul 2011 23:08:31 -0400
From: Ben Kaduk <minimarmot@gmail.com>
To: Jason Hellenthal <jhell@dataix.net>
Cc: Glen Barber <gjb@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject: Re: svn commit: r224462 - stable/8/usr.sbin/jail
Message-ID: <CAK2BMK6wF_jJi2=TRPNGmm5ybCWm0Zm8g0J-msOV5%2B4U6_XAzA@mail.gmail.com>
In-Reply-To: <20110728021914.GA55550@DataIX.net>
References: <201107270156.p6R1uquD035835@svn.freebsd.org> <20110728021914.GA55550@DataIX.net>
On Wed, Jul 27, 2011 at 10:19 PM, Jason Hellenthal <jhell@dataix.net> wrote:
>
>
> On Wed, Jul 27, 2011 at 01:56:52AM +0000, Glen Barber wrote:
>> Author: gjb (doc committer)
>> Date: Wed Jul 27 01:56:52 2011
>> New Revision: 224462
>> URL: http://svn.freebsd.org/changeset/base/224462
>>
>> Log:
>>   MFC 224286:
>>
>>   Document the potential for jail escape.
>>
>>   PR:         142341
>>
>> Modified:
>>   stable/8/usr.sbin/jail/jail.8
>> Directory Properties:
>>   stable/8/usr.sbin/jail/   (props changed)
>>
>> Modified: stable/8/usr.sbin/jail/jail.8 >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D >> --- stable/8/usr.sbin/jail/jail.8 =A0 =A0 Tue Jul 26 20:51:58 2011 =A0 = =A0 =A0 =A0(r224461) >> +++ stable/8/usr.sbin/jail/jail.8 =A0 =A0 Wed Jul 27 01:56:52 2011 =A0 = =A0 =A0 =A0(r224462) >> @@ -34,7 +34,7 @@ >> =A0.\" >> =A0.\" $FreeBSD$ >> =A0.\" >> -.Dd January 17, 2010 >> +.Dd July 23, 2011 >> =A0.Dt JAIL 8 >> =A0.Os >> =A0.Sh NAME 
>> @@ -913,3 +913,10 @@ Currently, the simplest answer is to min >> =A0offered on the host, possibly limiting it to services offered from >> =A0.Xr inetd 8 >> =A0which is easily configurable. >> +.Sh NOTES >> +Great care should be taken when managing directories visible within the= jail. >> +For example, if a jailed process has its current working directory set = to a >> +directory that is moved out of the jail's chroot, then the process may = gain >> +access to the file space outside of the jail. >> +It is recommended that directories always be copied, rather than moved,= out >> +of a jail.
>
> How is either one of these different ?
>
> All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is

This is not always true when the source and destination live on the same
filesystem. See rename(2).
Via VOP_RENAME, individual filesystems can override this behavior if
needed (e.g. for AFS where permissions are per-directory, so a
cross-directory copy would return EXDEV).

-Ben Kaduk

> still broken and a process is not going to just get up and move with it.
> On the other side though if you copied a pipe or socket or something
> similar for example into a jail then it might make whatever is outside
> available to the jailed environment.
>
> Is there something I am misunderstanding about this ? has the way cp(1),
> rm(1) & mv(1) been changed recently ? or is this wording a little off ?
>
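Review bot: in the new NOTES paragraph, the sentence beginning `+For example, if a jailed process` says the directory is "moved" without saying which kind of move matters, so the closing advice to copy "rather than" move reads as a distinction without a difference, which is the question raised in this thread. Consider stating that the case of concern is a move within one filesystem, where the directory itself is renamed rather than copied and removed, and adding a `.Xr rename 2` reference so that the recommendation in `+It is recommended that directories always be copied` carries its reason.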
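The difference discussed in this message, between a same-filesystem rename(2) and a copy followed by a removal, can be observed from the point of view of a process whose working directory is the one being relocated. The Python sketch below is an added example, not part of the original message or of FreeBSD's code; the function name `cwd_after_relocation` and the directory names are hypothetical, and it uses ordinary temporary directories as a stand-in for a jail's root rather than a real jail.

```python
import os
import shutil
import tempfile


def cwd_after_relocation(method):
    """Relocate the directory a process is sitting in; report what happened.

    Returns (same_inode, where): same_inode says whether the destination is
    the very directory the process had as its cwd, and where is "inside",
    "outside" or "orphaned" relative to the stand-in jail root.
    Constructed layout (hypothetical names): <tmp>/root/work plays a directory
    under the jail's root, <tmp>/outside plays host file space.
    """
    saved = os.getcwd()
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "root")
    src = os.path.join(root, "work")
    dst = os.path.join(base, "outside", "work")
    os.makedirs(src)
    os.makedirs(os.path.dirname(dst))
    try:
        os.chdir(src)                    # the confined process's cwd
        before = os.stat(".")
        if method == "rename":
            os.rename(src, dst)          # rename(2), same filesystem
        elif method in ("copy", "copy_rm"):
            shutil.copytree(src, dst)    # cp -R creates a new directory
            if method == "copy_rm":
                os.rmdir(src)            # rm: the original is unlinked
        else:
            raise ValueError(method)
        after = os.stat(dst)
        same = (before.st_dev, before.st_ino) == (after.st_dev, after.st_ino)
        try:
            here = os.getcwd()           # ask the kernel where we are now
        except FileNotFoundError:
            return same, "orphaned"      # cwd no longer has a name
        inside = os.path.commonpath([here, root]) == root
        return same, "inside" if inside else "outside"
    finally:
        os.chdir(saved)
        shutil.rmtree(base, ignore_errors=True)
```

Only the rename case leaves the process standing in a directory that now lives outside the stand-in root; after a copy the process stays where it was, and after a copy plus removal its working directory has no path at all.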