Date:      Thu, 28 Jul 2011 11:12:14 -0400
From:      Ben Kaduk <minimarmot@gmail.com>
To:        Benedict Reuschling <bcr@freebsd.org>, rwatson@freebsd.org
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r224475 - head/usr.sbin/jail
Message-ID:  <CAK2BMK5UBM0_s_=sgRtrPNfp9aQPw8Pv4yMD4PFecbwE6CMZhg@mail.gmail.com>
In-Reply-To: <201107281141.p6SBfuZg002113@svn.freebsd.org>
References:  <201107281141.p6SBfuZg002113@svn.freebsd.org>

On Thu, Jul 28, 2011 at 7:41 AM, Benedict Reuschling <bcr@freebsd.org> wrote:
> Author: bcr (doc committer)
> Date: Thu Jul 28 11:41:55 2011
> New Revision: 224475
> URL: http://svn.freebsd.org/changeset/base/224475
>
> Log:
>  Add a section to the jail chapter that explains why it is not
>  recommended to allow root users in the jail to access the host system.
>
>  PR:           docs/156853
>  Submitted by: crees
>  Patch by:     crees
>  Approved by:  re (kib) for BETA1
>
> Modified:
>  head/usr.sbin/jail/jail.8
>
> Modified: head/usr.sbin/jail/jail.8
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/usr.sbin/jail/jail.8 =A0 Thu Jul 28 10:16:30 2011 =A0 =A0 =A0 =
=A0(r224474)
> +++ head/usr.sbin/jail/jail.8 =A0 Thu Jul 28 11:41:55 2011 =A0 =A0 =A0 =
=A0(r224475)
> @@ -34,7 +34,7 @@
> =A0.\"
> =A0.\" $FreeBSD$
> =A0.\"
> -.Dd July 23, 2011
> +.Dd July 28, 2011
> =A0.Dt JAIL 8
> =A0.Os
> =A0.Sh NAME
> @@ -914,3 +914,8 @@ directory that is moved out of the jail'
> =A0access to the file space outside of the jail.
> =A0It is recommended that directories always be copied, rather than moved=
, out
> =A0of a jail.
> +.Pp
> +It is also not recommended that users allowed root in the jail be allowe=
d
> +access to the host system.
> +For example, a root user in a jail can create a setuid root utility that
> +could be run in the host system to achieve elevated privileges.
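
Review bot: The added paragraph, ending at "+could be run in the host system to achieve elevated privileges.", names the risk but gives the administrator nothing to act on. Consider following it with a sentence on limiting exposure, for example that unprivileged host users should not be able to reach the jail's file tree, or that the jail's file system can be mounted with the nosuid option. The first added sentence also repeats "allowed" and leaves "access to the host system" undefined; wording such as "should not also be given an account on the host system" would make clear that the concern is one person holding both jail root and a host login.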

Per rwatson's comment on the other jail.8 thread we've got going, we
might recommend that the separate file system for a jail might also be
mounted nosuid, which would close off this class of attack.

I don't have a good sense of whether suid applications are frequently
useful/needed inside a jail, though.

-Ben Kaduk
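
Added example, not part of the original message or of FreeBSD: a small sh audit for the nosuid suggestion above. It lists the set-id files under a jail root (the files a nosuid mount would stop honouring) and checks whether that root's fstab(5) entry has nosuid; the function names and the paths in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit one jail root for set-id files
# and check whether its fstab(5) entry carries the nosuid option.

# has_nosuid FSTAB MOUNTPOINT
# Succeeds if the fstab entry whose mount point is MOUNTPOINT lists "nosuid"
# as a whole option in field 4. This reads configuration, not the live mounts.
has_nosuid() {
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 4 { next }
        $2 == mp {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "nosuid") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# list_setid ROOT
# Prints regular files under ROOT that have the setuid or setgid bit set,
# without crossing into other file systems mounted below ROOT.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# audit_jail FSTAB ROOT
# Returns non-zero only when set-id files exist and nosuid is not configured.
audit_jail() {
    count=$(list_setid "$2" | wc -l | tr -d ' ')
    if has_nosuid "$1" "$2"; then
        echo "$2: nosuid configured; $count set-id file(s) will not be honoured"
        return 0
    fi
    echo "$2: nosuid missing; $count set-id file(s) would run with their owner's privileges"
    list_setid "$2" | sed 's/^/  /'
    [ "$count" -eq 0 ]
}

# Command-line use: sh audit.sh /etc/fstab /usr/jails/www  (paths are examples)
if [ "$#" -eq 2 ]; then
    audit_jail "$1" "$2"
fi
```

On FreeBSD, `mount -p` prints the current mounts in fstab(5) format, so saving its output to a file and passing that as the first argument checks the live mount table instead of the configuration.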


