Date: Thu, 28 Jul 2011 10:40:19 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Glen Barber <gjb@FreeBSD.org> Cc: Jason Hellenthal <jhell@DataIX.net>, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org Subject: Re: svn commit: r224462 - stable/8/usr.sbin/jail Message-ID: <alpine.BSF.2.00.1107281039110.30580@fledge.watson.org> In-Reply-To: <4E30CEEB.107@FreeBSD.org> References: <201107270156.p6R1uquD035835@svn.freebsd.org> <20110728021914.GA55550@DataIX.net> <4E30CEEB.107@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 27 Jul 2011, Glen Barber wrote: >> How is either one of these different ? >> >> All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is >> still broken and a process is not going to just get up and move with it. On >> the other side though if you copied a pipe or socket or something similiar >> for example into a jail then it might make whatever is outside available to >> the jailed environment. >> >> Is there something I am misunderstanding about this ? has the way cp(1), >> rm(1) & mv(1) been changed recently ? or is this wording a little off ? > > The text in the example is just an example of a situation where it may be > possible for a process within a jail(8) to gain filesystem access outside of > the jail(8). I wonder, if on these grounds, we should actually advise administrators that it is a more robust configuration, both in terms of managing free space and avoiding potential escape paths, to put each jail in its own file system. Lots of people do this anyway, and as recommendations go, it's not a bad one. We can then caution that if you *don't* do this, then you need to be careful about the mv issue. Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1107281039110.30580>