From: Pawel Jakub Dawidek
To: Colin Percival
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Wed, 9 Feb 2005 18:32:10 +0100
Subject: Re: cvs commit: src/sys/kern kern_jail.c src/sys/sys jail.h src/sys/ufs/ufs ufs_vnops.c src/usr.sbin/jail jail.8
Message-ID: <20050209173210.GX1080@darkness.comp.waw.pl>
In-Reply-To: <420A474A.1050901@freebsd.org>

On Wed, Feb 09, 2005 at 05:24:26PM +0000, Colin Percival wrote:
+> Pawel Jakub Dawidek wrote:
+> >On Tue, Feb 08, 2005 at 09:31:11PM +0000, Colin Percival wrote:
+> >+> Add a new sysctl, "security.jail.chflags_allowed", which controls the
+> >+> behaviour of chflags within a jail. If set to 0 (the default), then a
+> >+> jailed root user is treated as an unprivileged user; if set to 1, then
+> >+> a jailed root user is treated the same as an unjailed root user.
+> >
+> >More than that. It should be allowed in the future by default
+>
+> Don't you think it's better to err on the side of security? There
+> are certainly times when allowing a jailed user to manipulate system
+> file flags could cause (non-obvious) problems, while any failure
+> caused by an inability to set these flags will be immediately obvious.

I think this behaviour was introduced in RELENG_4 because of the lack of
per-jail securelevels. Now we have those and I think we should not add yet
another sysctl for jails, securelevel is enough IMHO.

+> Also, I'm planning on MFCing this to RELENG_5, and we definitely don't
+> want the default behaviour to change there.

Sure.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
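The two controls discussed in this thread, the "security.jail.chflags_allowed" sysctl and per-jail securelevels, as a user-space C model. This is an added example, not code from the FreeBSD commit or from either participant; the struct, the function and variable names and the flag bit values are assumptions made for the model, and the securelevel rule is modelled as refusing any change to a file that already carries a system lock flag.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Flag bits for this model only (not copied from a FreeBSD header). */
#define USER_FLAGS 0x0000ffffu  /* flags an unprivileged owner may change */
#define SYS_FLAGS  0xffff0000u  /* flags reserved for the superuser */
#define SYS_IMMUT  0x00020000u  /* "system immutable" lock flag */

struct caller {
    bool root;         /* uid 0 */
    bool jailed;       /* running inside a jail */
    int  securelevel;  /* level in effect for the caller (per-jail when jailed) */
};

/* Models the sysctl security.jail.chflags_allowed; 0 is the default. */
int jail_chflags_allowed = 0;

/* Try to replace *flags with want. Returns 0 on success, EPERM otherwise. */
int model_chflags(const struct caller *c, unsigned *flags, unsigned want)
{
    /* Jailed root counts as root only when the sysctl is set to 1. */
    bool privileged = c->root && (!c->jailed || jail_chflags_allowed);

    if (privileged) {
        /* Securelevel above 0 freezes files that carry a system lock flag. */
        if ((*flags & SYS_IMMUT) && c->securelevel > 0)
            return EPERM;
        *flags = want;
        return 0;
    }
    /* Unprivileged: no system flags in the request, no locked files. */
    if ((want & SYS_FLAGS) || (*flags & SYS_IMMUT))
        return EPERM;
    *flags = (*flags & SYS_FLAGS) | (want & USER_FLAGS);
    return 0;
}

int main(void)
{
    struct caller jroot = { true, true, 0 };
    unsigned f = 0;
    printf("sysctl=0: set lock flag -> %d\n", model_chflags(&jroot, &f, SYS_IMMUT));
    jail_chflags_allowed = 1;
    printf("sysctl=1: set lock flag -> %d\n", model_chflags(&jroot, &f, SYS_IMMUT));
    jroot.securelevel = 1;
    printf("sysctl=1, jail securelevel=1: clear -> %d\n", model_chflags(&jroot, &f, 0));
    return 0;
}
```

In this model the sysctl at 0 stops a jailed root from setting system flags at all, while a raised per-jail securelevel only stops changes to files that already carry a lock flag.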