Date:      Thu, 28 Jul 2011 00:52:03 -0400
From:      Jason Hellenthal <jhell@DataIX.net>
To:        Ben Kaduk <minimarmot@gmail.com>
Cc:        Glen Barber <gjb@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject:   Re: svn commit: r224462 - stable/8/usr.sbin/jail
Message-ID:  <20110728045202.GC55550@DataIX.net>
In-Reply-To: <CAK2BMK6wF_jJi2=TRPNGmm5ybCWm0Zm8g0J-msOV5%2B4U6_XAzA@mail.gmail.com>
References:  <201107270156.p6R1uquD035835@svn.freebsd.org> <20110728021914.GA55550@DataIX.net> <CAK2BMK6wF_jJi2=TRPNGmm5ybCWm0Zm8g0J-msOV5%2B4U6_XAzA@mail.gmail.com>

On Wed, Jul 27, 2011 at 11:08:31PM -0400, Ben Kaduk wrote:
> On Wed, Jul 27, 2011 at 10:19 PM, Jason Hellenthal <jhell@dataix.net> wrote:
> >
> >
> > On Wed, Jul 27, 2011 at 01:56:52AM +0000, Glen Barber wrote:
> >> Author: gjb (doc committer)
> >> Date: Wed Jul 27 01:56:52 2011
> >> New Revision: 224462
> >> URL: http://svn.freebsd.org/changeset/base/224462
> >>
> >> Log:
> >>   MFC 224286:
> >>
> >>   Document the potential for jail escape.
> >>
> >>   PR:         142341
> >>
> >> Modified:
> >>   stable/8/usr.sbin/jail/jail.8
> >> Directory Properties:
> >>   stable/8/usr.sbin/jail/   (props changed)
> >>
> >> Modified: stable/8/usr.sbin/jail/jail.8
> >> ==============================================================================
> >> --- stable/8/usr.sbin/jail/jail.8 =A0 =A0 Tue Jul 26 20:51:58 2011 =A0=
 =A0 =A0 =A0(r224461)
> >> +++ stable/8/usr.sbin/jail/jail.8 =A0 =A0 Wed Jul 27 01:56:52 2011 =A0=
 =A0 =A0 =A0(r224462)
> >> @@ -34,7 +34,7 @@
> >> =A0.\"
> >> =A0.\" $FreeBSD$
> >> =A0.\"
> >> -.Dd January 17, 2010
> >> +.Dd July 23, 2011
> >> =A0.Dt JAIL 8
> >> =A0.Os
> >> =A0.Sh NAME
> >> @@ -913,3 +913,10 @@ Currently, the simplest answer is to min
> >> =A0offered on the host, possibly limiting it to services offered from
> >> =A0.Xr inetd 8
> >> =A0which is easily configurable.
> >> +.Sh NOTES
> >> +Great care should be taken when managing directories visible within t=
he jail.
> >> +For example, if a jailed process has its current working directory se=
t to a
> >> +directory that is moved out of the jail's chroot, then the process ma=
y gain
> >> +access to the file space outside of the jail.
> >> +It is recommended that directories always be copied, rather than move=
d, out
> >> +of a jail.
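
Review bot: the new NOTES paragraph recommends that directories "always be copied, rather than moved, out of a jail" without saying why the two differ, so the advice reads as arbitrary. Add a sentence stating that a move within one file system is a rename(2) that keeps the directory itself, so a working directory held by a jailed process follows it, and cross-reference it with ".Xr rename 2". In the sentence about "the jail's chroot", "the jail's root directory" would be clearer.
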
> >
> > How is either one of these different ?
> >
> > All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is
>
> This is not always true when the source and destination live on the
> same filesystem.  See rename(2).
> Via VOP_RENAME, individual filesystems can override this behavior if
> needed (e.g. for AFS where permissions are per-directory, so a
> cross-directory copy would return EXDEV).
>

Ok, so in the fewest words... "be careful of poor administration
techniques" is what is trying to be explained here. The only real example I
could think of that relates to the example above would be in the case of
a hardlink that rests on the same filesystem.

Anyway, just a nit-pick: it just seems that trying to explain these things
by example throughout a manual page can lead a user in the direction of
thought that everything has been explained or that those are all the
examples, and it seems this would be better off in a security-aware
section of a handbook rather than muddying up the manual page.

>
> > still broken and a process is not going to just get up and move with it.
> > On the other side though if you copied a pipe or socket or something
> > similar for example into a jail then it might make whatever is outside
> > available to the jailed environment.
> >
> > Is there something I am misunderstanding about this ? has the way cp(1),
> > rm(1) & mv(1) been changed recently ? or is this wording a little off ?
> >
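
The difference between the two operations discussed in this thread, as an added example that is not part of the original messages or of the FreeBSD sources: it relocates a process's working directory out of a stand-in root by rename(2) and by copy-then-delete, then reports where the kernel says the process is. The directory names and the function `relocate_and_inspect` are hypothetical, a plain temporary directory stands in for the jail root (no jail or chroot is created), and both paths are assumed to be on one file system.

```python
import os
import shutil
import tempfile


def relocate_and_inspect(method):
    """Relocate this process's working directory out of a stand-in jail
    root by "move" (rename(2)) or "copy" (copy, then delete) and report."""
    saved = os.getcwd()
    base = os.path.realpath(tempfile.mkdtemp())  # constructed scratch tree
    root = os.path.join(base, "jailroot")        # hypothetical jail root
    src = os.path.join(root, "work")
    dst = os.path.join(base, "outside", "work")
    os.makedirs(src)
    os.makedirs(os.path.dirname(dst))
    try:
        os.chdir(src)                            # cwd of the "jailed" process
        ino_before = os.stat(".").st_ino
        if method == "move":
            os.rename(src, dst)                  # same file system: rename(2)
        else:
            shutil.copytree(src, dst)            # brand-new directory
            shutil.rmtree(src)                   # the original is unlinked
        same_dir = os.stat(dst).st_ino == ino_before
        try:
            cwd = os.getcwd()                    # where the kernel says we are
        except FileNotFoundError:
            cwd = None                           # cwd was deleted, not moved
        outside = cwd is not None and os.path.commonpath([cwd, root]) != root
        return {"same_dir": same_dir, "cwd": cwd, "dst": dst,
                "cwd_outside_root": outside}
    finally:
        os.chdir(saved)
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for method in ("move", "copy"):
        print(method, relocate_and_inspect(method))
```

After the rename the destination has the same inode and the working directory resolves to the new location outside the root; after the copy the destination is a different directory and the old working directory no longer resolves at all.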
