From: "Robert N. M. Watson"
Subject: Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Date: Tue, 4 Feb 2014 10:41:57 +0000
To: Ivan Voras
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, Gleb Smirnoff, James Gritton, svn-src-head@freebsd.org, Alexander Leidinger
References: <201401291341.s0TDfDcB068211@svn.freebsd.org> <20140129134344.GW66160@FreeBSD.org> <52E906CD.9050202@freebsd.org> <20140129222210.0000711f@unknown> <52EBDD42.4020702@freebsd.org>
List-Id: SVN commit messages for the src tree for head/-current

On 4 Feb 2014, at 10:05, Ivan Voras wrote:

> On 31 January 2014 18:28, James Gritton wrote:
>> On 1/31/2014 5:34 AM, Robert Watson wrote:
>
>>> Frankly, I'd like to see this backed out and not reintroduced. If it must
>>> be retained, then it needs a much more clear warning that enabling this
>>> feature disables Jail's security model. Don't use the word 'obviate',
>>> instead explicitly state that root within the jail can escape the jail.
>>
>> I'll do at least the next-best thing: back it out and hope to re-introduce
>> it. Clearly it could use some further discussion.
>
> How about outputting both a kernel (i.e. logged) and userland messages
> when the jail is created (or the parameter is changed, if it can?)
> which say something like "DANGER! The root within this jail (jid=%d)
> can escape the jail" or something like it?

That seems reasonably loud. At the very least, we need a more clear structuring and presentation of "insecure" options in the jail man page. E.g., a dedicated section for options that may have serious security consequences and a nice introduction to the section contextualising those concerns.

Robert