Date: Thu, 28 Jul 2011 00:52:03 -0400
From: Jason Hellenthal <jhell@DataIX.net>
To: Ben Kaduk <minimarmot@gmail.com>
Cc: Glen Barber <gjb@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject: Re: svn commit: r224462 - stable/8/usr.sbin/jail
Message-ID: <20110728045202.GC55550@DataIX.net>
In-Reply-To: <CAK2BMK6wF_jJi2=TRPNGmm5ybCWm0Zm8g0J-msOV5%2B4U6_XAzA@mail.gmail.com>
References: <201107270156.p6R1uquD035835@svn.freebsd.org> <20110728021914.GA55550@DataIX.net> <CAK2BMK6wF_jJi2=TRPNGmm5ybCWm0Zm8g0J-msOV5%2B4U6_XAzA@mail.gmail.com>

On Wed, Jul 27, 2011 at 11:08:31PM -0400, Ben Kaduk wrote:
> On Wed, Jul 27, 2011 at 10:19 PM, Jason Hellenthal <jhell@dataix.net> wrote:
> >
> >
> > On Wed, Jul 27, 2011 at 01:56:52AM +0000, Glen Barber wrote:
> >> Author: gjb (doc committer)
> >> Date: Wed Jul 27 01:56:52 2011
> >> New Revision: 224462
> >> URL: http://svn.freebsd.org/changeset/base/224462
> >>
> >> Log:
> >>   MFC 224286:
> >>
> >>   Document the potential for jail escape.
> >>
> >>   PR:         142341
> >>
> >> Modified:
> >>   stable/8/usr.sbin/jail/jail.8
> >> Directory Properties:
> >>   stable/8/usr.sbin/jail/   (props changed)
> >>
> >> Modified: stable/8/usr.sbin/jail/jail.8
> >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D > >> --- stable/8/usr.sbin/jail/jail.8 =A0 =A0 Tue Jul 26 20:51:58 2011 =A0= =A0 =A0 =A0(r224461) > >> +++ stable/8/usr.sbin/jail/jail.8 =A0 =A0 Wed Jul 27 01:56:52 2011 =A0= =A0 =A0 =A0(r224462) > >> @@ -34,7 +34,7 @@ > >> =A0.\" > >> =A0.\" $FreeBSD$ > >> =A0.\" > >> -.Dd January 17, 2010 > >> +.Dd July 23, 2011 > >> =A0.Dt JAIL 8 > >> =A0.Os > >> =A0.Sh NAME 
> >> @@ -913,3 +913,10 @@ Currently, the simplest answer is to min > >> =A0offered on the host, possibly limiting it to services offered from > >> =A0.Xr inetd 8 > >> =A0which is easily configurable. > >> +.Sh NOTES > >> +Great care should be taken when managing directories visible within t= he jail. > >> +For example, if a jailed process has its current working directory se= t to a > >> +directory that is moved out of the jail's chroot, then the process ma= y gain > >> +access to the file space outside of the jail. > >> +It is recommended that directories always be copied, rather than move= d, out > >> +of a jail.
> >
> > How is either one of these different ?
> >
> > All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is
>
> This is not always true when the source and destination live on the
> same filesystem. See rename(2).
> Via VOP_RENAME, individual filesystems can override this behavior if
> needed (e.g. for AFS where permissions are per-directory, so a
> cross-directory copy would return EXDEV).
>

Ok so in the least words... be careful of poor administration techniques
that is trying to be explained here. The only real example I could think
of that relates to the example above would be in the case of a hardlink
that rests on the same filesystem. Anyway just a nit-pick it just seems
trying to explain these things in example throughout a manual page can
lead a user in the direction of thought that everything has been
explained or that is all the examples and seems would be better off in a
security aware section of a handbook rather than muddying up the manual
page.

>
> > still broken and a process is not going to just get up and move with it.
> > On the other side though if you copied a pipe or socket or something
> > similar for example into a jail then it might make whatever is outside
> > available to the jailed environment.
> >
> > Is there something I am misunderstanding about this ?
> > has the way cp(1), rm(1) & mv(1) been changed recently ? or is this wording a little off ?
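
Review bot: The NOTES text added in the second hunk (@@ -913,3 +913,10 @@) recommends copying instead of moving without saying why the two differ, and that gap is exactly what the replies in this thread stumble over. Consider adding a sentence after "access to the file space outside of the jail." explaining that a move within one file system is a rename(2) that relocates the existing directory, so a process whose working directory is that directory goes with it, while a copy leaves the original directory where it was; a ".Xr rename 2" cross-reference would point readers at the mechanism. The phrase "the jail's chroot" could also be reworded to "the jail's root directory" for consistency with how a reader would look the term up, and the paragraph would be clearer if it said that the warning is addressed to the administrator moving directories from the host side.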
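
The rename(2) point made in the reply quoted above, as an added example that is not part of the original thread or of FreeBSD's code: within one file system a move relocates the existing directory, so a process sitting in it ends up outside the root, while a copy leaves that process where it was. The function name `cwd_stays_inside`, the `/tmp/cwd-demo.*` paths and the `jailroot` directory are constructed for illustration, and no jail or chroot is created.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed layout: <base>/jailroot/work and <base>/outside, where jailroot
 * only stands in for a jail's root. The process enters work, then work is
 * either renamed to outside/work or "copied" (a new directory is created).
 * Returns 1 if the cwd is still under jailroot, 0 if not, -1 on error. */
int cwd_stays_inside(int use_rename)
{
    char tmpl[] = "/tmp/cwd-demo.XXXXXX", base[PATH_MAX], cwd[PATH_MAX];
    char root[PATH_MAX + 16], work[PATH_MAX + 32], out[PATH_MAX + 16], dst[PATH_MAX + 32];
    int home = open(".", O_RDONLY), result = -1;

    if (home < 0 || !mkdtemp(tmpl) || !realpath(tmpl, base)) {
        if (home >= 0) close(home);
        return -1;
    }
    snprintf(root, sizeof root, "%s/jailroot", base);
    snprintf(work, sizeof work, "%s/jailroot/work", base);
    snprintf(out, sizeof out, "%s/outside", base);
    snprintf(dst, sizeof dst, "%s/outside/work", base);
    if (mkdir(root, 0700) || mkdir(work, 0700) || mkdir(out, 0700) || chdir(work))
        goto done;
    /* Same file system: mv(1) would use rename(2), which relocates the
     * existing directory. cp -R instead creates a new directory at dst. */
    if ((use_rename ? rename(work, dst) : mkdir(dst, 0700)) != 0)
        goto done;
    if (getcwd(cwd, sizeof cwd)) {
        size_t n = strlen(root);
        result = strncmp(cwd, root, n) == 0 && (cwd[n] == '/' || cwd[n] == '\0');
    }
done:
    if (fchdir(home) != 0)              /* restore the caller's cwd */
        result = -1;
    close(home);
    rmdir(work); rmdir(dst); rmdir(out); rmdir(root); rmdir(base);
    return result;
}

int main(void)
{
    printf("after rename(2): cwd inside root = %d\n", cwd_stays_inside(1));
    printf("after copy:      cwd inside root = %d\n", cwd_stays_inside(0));
    return 0;
}
```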