Date: Thu, 28 Jul 2011 00:52:03 -0400
From: Jason Hellenthal
To: Ben Kaduk
Cc: Glen Barber, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject: Re: svn commit: r224462 - stable/8/usr.sbin/jail
Message-ID: <20110728045202.GC55550@DataIX.net>

On Wed, Jul 27, 2011 at 11:08:31PM -0400, Ben Kaduk wrote:
> On Wed, Jul 27, 2011 at 10:19 PM, Jason Hellenthal wrote:
> >
> >
> > On Wed, Jul 27, 2011 at 01:56:52AM +0000, Glen Barber wrote:
> >> Author: gjb (doc committer)
> >> Date: Wed Jul 27 01:56:52 2011
> >> New Revision: 224462
> >> URL: http://svn.freebsd.org/changeset/base/224462
> >>
> >> Log:
> >>   MFC 224286:
> >>
> >>   Document the potential for jail escape.
> >> > >> =A0 PR: =A0 =A0 =A0 =A0 142341 > >> > >> Modified: > >> =A0 stable/8/usr.sbin/jail/jail.8 > >> Directory Properties: > >> =A0 stable/8/usr.sbin/jail/ =A0 (props changed) > >> > >> Modified: stable/8/usr.sbin/jail/jail.8 > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D > >> --- stable/8/usr.sbin/jail/jail.8 =A0 =A0 Tue Jul 26 20:51:58 2011 =A0= =A0 =A0 =A0(r224461) > >> +++ stable/8/usr.sbin/jail/jail.8 =A0 =A0 Wed Jul 27 01:56:52 2011 =A0= =A0 =A0 =A0(r224462) > >> @@ -34,7 +34,7 @@ > >> =A0.\" > >> =A0.\" $FreeBSD$ > >> =A0.\" > >> -.Dd January 17, 2010 > >> +.Dd July 23, 2011 > >> =A0.Dt JAIL 8 > >> =A0.Os > >> =A0.Sh NAME 
> >> @@ -913,3 +913,10 @@ Currently, the simplest answer is to min > >> =A0offered on the host, possibly limiting it to services offered from > >> =A0.Xr inetd 8 > >> =A0which is easily configurable. > >> +.Sh NOTES > >> +Great care should be taken when managing directories visible within t= he jail. > >> +For example, if a jailed process has its current working directory se= t to a > >> +directory that is moved out of the jail's chroot, then the process ma= y gain > >> +access to the file space outside of the jail. > >> +It is recommended that directories always be copied, rather than move= d, out > >> +of a jail.
> >
> > How is either one of these different ?
> >
> > All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is
>
> This is not always true when the source and destination live on the
> same filesystem. See rename(2).
> Via VOP_RENAME, individual filesystems can override this behavior if
> needed (e.g. for AFS where permissions are per-directory, so a
> cross-directory copy would return EXDEV).
>

Ok so in the least words... be careful of poor administration techniques
that is trying to be explained here.

The only real example I could think of that relates to the example above
would be in the case of a hardlink that rests on the same filesystem.

Anyway just a nit-pick it just seems trying to explain these things in
example throughout a manual page can lead a user in the direction of
thought that everything has been explained or that is all the examples
and seems would be better off in a security aware section of a handbook
rather than muddying up the manual page.

>
> > still broken and a process is not going to just get up and move with it.
> > On the other side though if you copied a pipe or socket or something
> > similar for example into a jail then it might make whatever is outside
> > available to the jailed environment.
> >
> > Is there something I am misunderstanding about this ?
> > has the way cp(1), rm(1) & mv(1) been changed recently ? or is this wording a little off ?
> >
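Review bot: The last sentence of the new NOTES section ("It is recommended that directories always be copied, rather than moved, out of a jail.") gives the recommendation without saying why a move differs from a copy, which is the question the reply above asks. Suggest adding a sentence that a move within one file system is a rename(2) rather than a copy and remove, so a jailed process whose working directory is the moved directory keeps its reference to it, and cross-referencing mv(1) and rename(2) with .Xr.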
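The difference between the two cases argued in this thread (a same-file-system move that is a rename(2), versus a copy followed by a remove) can be observed from an unprivileged process. This is an added example, not code from the thread or from FreeBSD; the `/tmp/jaildemo.*` tree and the names `cwd_after_move`, `BY_RENAME` and `BY_COPY_AND_REMOVE` are constructed for illustration, and no jail or chroot is involved.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum how { BY_RENAME, BY_COPY_AND_REMOVE };

/* Constructed stand-ins: <base>/jailroot for a jail root, <base>/outside for
 * host file space; no jail(2) or chroot(2) is used. Directories stay in /tmp.
 * Returns 1 if the working directory now resolves to <base>/outside/work,
 * 0 if it no longer exists (ENOENT), -1 on setup failure or anything else. */
int cwd_after_move(enum how how)
{
    char tmpl[] = "/tmp/jaildemo.XXXXXX", base[PATH_MAX], cwd[PATH_MAX];
    char root[PATH_MAX + 32], src[PATH_MAX + 32], dst[PATH_MAX + 32];
    int rc, result = -1;

    if (mkdtemp(tmpl) == NULL || realpath(tmpl, base) == NULL)
        return -1;
    snprintf(root, sizeof(root), "%s/jailroot", base);
    snprintf(src, sizeof(src), "%s/jailroot/work", base);
    snprintf(dst, sizeof(dst), "%s/outside", base);
    if (mkdir(root, 0700) || mkdir(src, 0700) || mkdir(dst, 0700))
        return -1;
    strcat(dst, "/work");
    if (chdir(src) != 0)              /* working directory inside the "jail" */
        return -1;
    rc = (how == BY_RENAME) ? rename(src, dst)   /* mv(1), same file system */
        : (mkdir(dst, 0700) || rmdir(src));      /* copy, then remove source */
    if (rc != 0)
        return -1;
    if (getcwd(cwd, sizeof(cwd)) != NULL)
        result = strcmp(cwd, dst) == 0 ? 1 : -1;
    else if (errno == ENOENT)
        result = 0;
    return chdir("/") == 0 ? result : -1;
}

int main(void)
{
    printf("rename(2):     %d\n", cwd_after_move(BY_RENAME));
    printf("copy + remove: %d\n", cwd_after_move(BY_COPY_AND_REMOVE));
    return 0;
}
```

A result of 1 for the rename case is the situation the NOTES text warns about: the process's working directory now sits under `outside`. A result of 0 for copy and remove matches the behaviour Jason Hellenthal describes, where the process is left holding a directory that no longer exists.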