Date:      Wed, 27 Jul 2011 22:52:27 -0400
From:      Glen Barber <gjb@FreeBSD.org>
To:        Jason Hellenthal <jhell@DataIX.net>
Cc:        Glen Barber <gjb@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject:   Re: svn commit: r224462 - stable/8/usr.sbin/jail
Message-ID:  <4E30CEEB.107@FreeBSD.org>
In-Reply-To: <20110728021914.GA55550@DataIX.net>
References:  <201107270156.p6R1uquD035835@svn.freebsd.org> <20110728021914.GA55550@DataIX.net>


On 7/27/11 10:19 PM, Jason Hellenthal wrote:
>> +.Sh NOTES +Great care should be taken when managing directories
>> visible within the jail. +For example, if a jailed process has its
>> current working directory set to a +directory that is moved out of
>> the jail's chroot, then the process may gain +access to the file
>> space outside of the jail. +It is recommended that directories
>> always be copied, rather than moved, out +of a jail.
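
Review bot: The closing recommendation that directories "always be copied, rather than moved" out of a jail gives no reason why a copy differs from a move for a process whose current working directory is the directory in question, so the advice reads as arbitrary. Suggest adding one sentence to the NOTES text saying what happens to that process's working directory in each case, and saying who is expected to take the "great care" (the administrator managing the directories from outside the jail).
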
> 
> How is either one of these different ?
> 
> All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle
> is still broken and a process is not going to just get up and move
> with it. On the other side though if you copied a pipe or socket or
> something similar for example into a jail then it might make
> whatever is outside available to the jailed environment.
> 
> Is there something I am misunderstanding about this ? has the way
> cp(1), rm(1) & mv(1) been changed recently ? or is this wording a
> little off ?

The text in the example is just an example of a situation where it may
be possible for a process within a jail(8) to gain filesystem access
outside of the jail(8).

Regards,

-- 
Glen Barber | gjb@FreeBSD.org
FreeBSD Documentation Project
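
The following is an added example, not part of this thread or of the FreeBSD sources. It shows the difference the quoted NOTES text relies on: within one file system mv(1) renames a directory, so a process whose working directory is that directory goes with it, while cp -R leaves the process where it was. The scratch layout (`root`, `outside`, `work`) and the function names are constructed for the demo, which assumes the `mktemp -d` directory sits on a single file system and uses no jail or chroot.

```shell
#!/bin/sh
# Constructed demo on a scratch tree: no jail or chroot is involved.
# "root" stands in for a jail's root directory, "outside" for the host side.

# Inode number of a directory (POSIX ls, so it runs on FreeBSD and Linux).
inode_of() { ls -di "$1" | awk '{ print $1 }'; }

# cwd_after CMD...: enter root/work, relocate that directory to outside/work
# with CMD (e.g. "mv" or "cp -R"), then report where the process's working
# directory ended up:
#   outside   the cwd is the directory that now lives under outside/
#   inside    the cwd is still root/work (only a copy went out)
#   detached  the cwd matches neither (mv fell back to copy + remove)
cwd_after() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/root/work" "$base/outside"
    result=$(
        cd "$base/root/work" || exit 1
        "$@" "$base/root/work" "$base/outside/work" || exit 1
        here=$(inode_of .)
        if [ "$here" = "$(inode_of "$base/outside/work")" ]; then
            echo outside
        elif [ -d "$base/root/work" ] &&
             [ "$here" = "$(inode_of "$base/root/work")" ]; then
            echo inside
        else
            echo detached
        fi
    )
    rm -rf "$base"
    echo "$result"
}

echo "mv:    $(cwd_after mv)"
echo "cp -R: $(cwd_after cp -R)"
```

The `detached` result appears only when source and destination are on different file systems, where mv(1) copies and then removes the original.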