From owner-svn-src-all@FreeBSD.ORG Thu Jul 28 11:41:56 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4D099106564A; Thu, 28 Jul 2011 11:41:56 +0000 (UTC) (envelope-from bcr@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 3E2B68FC0A; Thu, 28 Jul 2011 11:41:56 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p6SBfu8M002115; Thu, 28 Jul 2011 11:41:56 GMT (envelope-from bcr@svn.freebsd.org) Received: (from bcr@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p6SBfuZg002113; Thu, 28 Jul 2011 11:41:56 GMT (envelope-from bcr@svn.freebsd.org) Message-Id: <201107281141.p6SBfuZg002113@svn.freebsd.org> From: Benedict Reuschling Date: Thu, 28 Jul 2011 11:41:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r224475 - head/usr.sbin/jail X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jul 2011 11:41:56 -0000 Author: bcr (doc committer) Date: Thu Jul 28 11:41:55 2011 New Revision: 224475 URL: http://svn.freebsd.org/changeset/base/224475 Log: Add a section to the jail chapter that explains why it is not recommended to allow root users in the jail to access the host system. PR: docs/156853 Submitted by: crees Patch by: crees Approved by: re (kib) for BETA1 Modified: head/usr.sbin/jail/jail.8 Modified: head/usr.sbin/jail/jail.8 ============================================================================== --- head/usr.sbin/jail/jail.8 Thu Jul 28 10:16:30 2011 (r224474) +++ head/usr.sbin/jail/jail.8 Thu Jul 28 11:41:55 2011 (r224475) @@ -34,7 +34,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 23, 2011 +.Dd July 28, 2011 .Dt JAIL 8 .Os .Sh NAME @@ -914,3 +914,8 @@ directory that is moved out of the jail' access to the file space outside of the jail. It is recommended that directories always be copied, rather than moved, out of a jail. +.Pp +It is also not recommended that users allowed root in the jail be allowed +access to the host system. +For example, a root user in a jail can create a setuid root utility that +could be run in the host system to achieve elevated privileges.