Date: Fri, 29 Aug 2014 18:25:16 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 193129] New: [jail] exec.start with exec.system_user doesn't set gid Message-ID: <bug-193129-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193129 Bug ID: 193129 Summary: [jail] exec.start with exec.system_user doesn't set gid Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: Needs Triage Severity: Affects Only Me Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: freebsd@ruka.org When starting a jail with /usr/sbin/jail -c, the start command is run with uid, effective uid and effective gid set properly, but real gid isn't set, so it's still zero from running jail as root. In addition to any issues from retaining gid 0, this also has the effect that the process is considered setugid and tainted, so coredumps, signals, etc are restricted. /usr/sbin/jexec does properly set the gid. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-193129-8>