Date:      Sun, 22 Aug 2004 14:21:56 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        "Christian S.J. Peron" <csjp@FreeBSD.org>
Cc:        cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/ufs/ufs ufs_vnops.c
Message-ID:  <20040822122156.GK30151@darkness.comp.waw.pl>
In-Reply-To: <200408220203.i7M23fb5001923@repoman.freebsd.org>
References:  <200408220203.i7M23fb5001923@repoman.freebsd.org>

On Sun, Aug 22, 2004 at 02:03:41AM +0000, Christian S.J. Peron wrote:
+> csjp        2004-08-22 02:03:41 UTC
+>
+>   FreeBSD src repository
+>
+>   Modified files:
+>     sys/ufs/ufs          ufs_vnops.c
+>   Log:
+>   Currently, if the secure level is low enough, system flags can
+>   be manipulated by prison root. In 4.x prison root can not manipulate
+>   system flags, regardless of the security level. This behavior
+>   should remain consistent to avoid any surprises which could lead
+>   to security problems for system administrators which give out
+>   privileged access to jails.
+>
+>   This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
+>   to 0. This will prevent prison root from being able to manipulate
+>   system flags on files.
+>
+>   This may be a MFC candidate for RELENG_5.

In 5.x we are able to set securelevel per jail, so a jail's system
administrator can increase securelevel if he needs this behaviour.
I agree that we should stay consistent with 4.x; that's why we should
put this under some sysctl with a default value that keeps the 4.x
behaviour, but it could be changed if the jail's system administrator wants
to take control over system flags.

--
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
