Date: Thu, 11 Oct 2001 13:36:49 +0400
From: void@void.ru
Message-ID: <1544247985.20011011133649@void.ru>
To: freebsd-security@FreeBSD.ORG
Subject: jail(8)

Good day!

After setting up a virtual environment using JAIL(8) I've encountered the
following problem: the setuid/setgid bit is no longer effective. So, this
screwed up apache's suexec, passwd(1) and several other apps whose
setuidness is necessary for their normal operation flow.

i.e.:

    jail# chmod u+s /usr/bin/id
    jail# ls -la /usr/bin/id
    -r-sr-xr-x 1 root wheel 6744 11 Oct 02:59 /usr/bin/id
    jail# su admin
    admin@jail$ /usr/bin/id
    uid=1000(admin) gid=1000(admin) groups=1000(admin)

Is this a bug or a feature? If it's a feature, how can it be disabled and
how would it affect the virtual machine bounds integrity?

I did not find an appropriate sysctl value or anything describing it in the
jail man pages.

/kernel: FreeBSD 4.4-STABLE smp

.d