Date: Thu, 28 Jul 2011 19:31:14 -0400
From: Jason Hellenthal
To: Robert Watson
Cc: Glen Barber, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject: Re: svn commit: r224462 - stable/8/usr.sbin/jail
Message-ID: <20110728233114.GA37774@DataIX.net>

On Thu, Jul 28, 2011 at 10:40:19AM +0100, Robert Watson wrote:
>
> On Wed, 27 Jul 2011, Glen Barber wrote:
>
> >> How is either one of these different?
> >>
> >> All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is
> >> still broken and a process is not going to just get up and move with it. On
> >> the other side though if you copied a pipe or socket or something similar
> >> for example into a jail then it might make whatever is outside available to
> >> the jailed environment.
> >>
> >> Is there something I am misunderstanding about this? Has the way cp(1),
> >> rm(1) & mv(1) been changed recently? Or is this wording a little off?
> >
> > The text in the example is just an example of a situation where it may be
> > possible for a process within a jail(8) to gain filesystem access outside of
> > the jail(8).
>
> I wonder, if on these grounds, we should actually advise administrators that
> it is a more robust configuration, both in terms of managing free space and
> avoiding potential escape paths, to put each jail in its own file system.
> Lots of people do this anyway, and as recommendations go, it's not a bad one.
> We can then caution that if you *don't* do this, then you need to be careful
> about the mv issue.
>

That sounds like a perfectly sane idea.
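A way to check a host against the configuration recommended in the thread above (each jail in its own file system), as an added example that is not part of the original message or of FreeBSD's own tooling. The function name `audit_jail_roots` and the finding labels are hypothetical; the jail root paths are supplied by the caller.

```python
import os
import sys
from collections import defaultdict


def audit_jail_roots(roots):
    """Map each jail root to a list of findings; an empty list means the
    root is the mount point of a file system that no other listed root uses."""
    findings = {root: [] for root in roots}
    by_device = defaultdict(list)

    for root in roots:
        real = os.path.realpath(root)      # resolve symlinks first
        if not os.path.isdir(real):
            findings[root].append("missing")
            continue
        # st_dev identifies the file system that holds the directory.
        by_device[os.stat(real).st_dev].append(root)
        # A jail on its own file system has its root at a mount point.
        if not os.path.ismount(real):
            findings[root].append("not-a-mount-point")

    # Roots on one device live in the same file system, so a directory can
    # be renamed from one tree into another without being copied.
    for members in by_device.values():
        if len(members) > 1:
            for root in members:
                others = ",".join(m for m in members if m != root)
                findings[root].append("shares-device-with:" + others)
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_jail_roots.py /usr/jails/www /usr/jails/db
    # (the script name and these paths are placeholders, not from the thread)
    report = audit_jail_roots(sys.argv[1:])
    for root, issues in report.items():
        print(root, "OK" if not issues else "; ".join(issues))
    sys.exit(1 if any(report.values()) else 0)
```

Roots reported as `not-a-mount-point` are the ones where, per the thread, the administrator needs to be careful about the mv issue.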