Date: Thu, 28 Jul 2011 11:41:56 +0000 (UTC) From: Benedict Reuschling <bcr@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r224475 - head/usr.sbin/jail Message-ID: <201107281141.p6SBfuZg002113@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bcr (doc committer) Date: Thu Jul 28 11:41:55 2011 New Revision: 224475 URL: http://svn.freebsd.org/changeset/base/224475 Log: Add a section to the jail chapter that explains why it is not recommended to allow root users in the jail to access the host system. PR: docs/156853 Submitted by: crees Patch by: crees Approved by: re (kib) for BETA1 Modified: head/usr.sbin/jail/jail.8 Modified: head/usr.sbin/jail/jail.8 ============================================================================== --- head/usr.sbin/jail/jail.8 Thu Jul 28 10:16:30 2011 (r224474) +++ head/usr.sbin/jail/jail.8 Thu Jul 28 11:41:55 2011 (r224475) @@ -34,7 +34,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 23, 2011 +.Dd July 28, 2011 .Dt JAIL 8 .Os .Sh NAME @@ -914,3 +914,8 @@ directory that is moved out of the jail' access to the file space outside of the jail. It is recommended that directories always be copied, rather than moved, out of a jail. +.Pp +It is also not recommended that users allowed root in the jail be allowed +access to the host system. +For example, a root user in a jail can create a setuid root utility that +could be run in the host system to achieve elevated privileges.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107281141.p6SBfuZg002113>