From owner-freebsd-stable@FreeBSD.ORG  Thu Mar  6 08:15:07 2014
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 6C942F43
 for <freebsd-stable@freebsd.org>; Thu,  6 Mar 2014 08:15:07 +0000 (UTC)
Received: from server1.xenet.de (server1out.xenet.de [213.221.94.200])
 by mx1.freebsd.org (Postfix) with ESMTP id F35DDD9E
 for <freebsd-stable@freebsd.org>; Thu,  6 Mar 2014 08:15:06 +0000 (UTC)
Received: from [10.0.0.50] (intern.xenet.de [213.221.94.50])
 (authenticated bits=0)
 by server1.xenet.de (8.12.5/8.12.5) with ESMTP id s268EEvT006612
 for <freebsd-stable@freebsd.org>; Thu, 6 Mar 2014 09:14:16 +0100 (CET)
 (envelope-from meyser@xenet.de)
Message-ID: <53182E7C.9030403@xenet.de>
Date: Thu, 06 Mar 2014 09:14:52 +0100
From: Matthias Meyser <meyser@xenet.de>
Organization: XeNET GmbH, Clausthal-Zellerfeld
User-Agent: Mozilla/5.0 (Windows NT 5.1;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Subject: Re: Re: jails and devfs
References: <53172A29.50202@xenet.de> <53172B3C.4020201@bytecamp.net>
In-Reply-To: <53172B3C.4020201@bytecamp.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.38
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Mar 2014 08:15:07 -0000

Hi.
Am 05.03.2014 14:48, schrieb Robert Schulze:
> I've already filed a PR for that:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=187079

Thanks! devfs_load_rulesets="YES" workaround did it.

But I think this should fixed asap or everyone updating
FreeBSD end up in running insecure jails.

At least there should be a big fat warning in UPDATING.

Better /etc/rc.d/jail should emit a warning.

Best devfs.rules should be loaded as needed.
This would restore the old behavior an not break POLA.

with regards
    Matthias Meyser

-- 
Matthias Meyser            | XeNET GmbH
Tel.:  +49-5323-9489050    | 38678 Clausthal-Zellerfeld, Marktstrasse 40
Fax:   +49-5323-94014      | Registergericht: Amtsgericht Braunschweig HRB 
110823
Email: Meyser@xenet.de     | Geschaeftsfuehrer: Matthias Meyser