From owner-freebsd-bugs@FreeBSD.ORG Fri Apr 22 10:50:18 2005
Return-Path:
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E3BD316A4CE for ; Fri, 22 Apr 2005 10:50:18 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9335543D2F for ; Fri, 22 Apr 2005 10:50:18 +0000 (GMT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j3MAoIhp093268 for ; Fri, 22 Apr 2005 10:50:18 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j3MAoIti093267; Fri, 22 Apr 2005 10:50:18 GMT (envelope-from gnats)
Resent-Date: Fri, 22 Apr 2005 10:50:18 GMT
Resent-Message-Id: <200504221050.j3MAoIti093267@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Frank Behrens
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC59516A4CE for ; Fri, 22 Apr 2005 10:47:52 +0000 (GMT)
Received: from pinky.frank-behrens.de (pinky.frank-behrens.de [82.139.199.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3FAD43D5C for ; Fri, 22 Apr 2005 10:47:51 +0000 (GMT) (envelope-from frank@pinky.sax.de)
Received: from moon.behrens (localhost [127.0.0.1]) ESMTP id j3MAlke8094732 for ; Fri, 22 Apr 2005 12:47:46 +0200 (CEST) (envelope-from frank@moon.behrens)
Received: (from frank@localhost) by moon.behrens (8.13.3/8.13.3/Submit) id j3MAlk8X094731; Fri, 22 Apr 2005 12:47:46 +0200 (CEST) (envelope-from frank)
Message-Id: <200504221047.j3MAlk8X094731@moon.behrens>
Date: Fri, 22 Apr 2005 12:47:46 +0200 (CEST)
From: Frank Behrens
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: bin/80242: jail(8) should be able to set kern.securelevel inside the prison
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Frank Behrens
List-Id: Bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 22 Apr 2005 10:50:19 -0000

>Number: 80242
>Category: bin
>Synopsis: jail(8) should be able to set kern.securelevel inside the prison
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 22 10:50:18 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Frank Behrens
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD moon.behrens 5.4-STABLE FreeBSD 5.4-STABLE #2: Tue Apr 12 10:41:41 CEST 2005 root@moon.behrens:/data2/sys/obj/usr/src/sys/FRANK01 i386
>Description:
jail(8) should be able to set kern.securelevel

As described in man jail(8), the kern.securelevel in a jail can be raised independently of the host securelevel. If the jail is run with a user other than root (option -u or -U), this user cannot change the securelevel. Therefore the securelevel must be raised before the user is changed, and this can be done in jail(8) only. jail(8) needs an option to be able to raise the securelevel in a jail if the jail is run with a restricted user. A workaround would be a suid executable inside the jail, but this is refused due to security constraints.
>How-To-Repeat:
Start a jail with another user (option -u or -U) and try to raise the securelevel in the jail without any suid executable.
>Fix:
The following patch implements the option to raise the kern.securelevel inside a newly created jail.
--- jailseclevel.patch begins here --- --- usr.sbin/jail/jail.8.orig Sun Feb 27 16:40:16 2005 +++ usr.sbin/jail/jail.8 Thu Apr 21 10:43:33 2005 @@ -33,7 +33,7 @@ .\" .\" $FreeBSD: src/usr.sbin/jail/jail.8,v 1.58.2.2 2005/02/27 15:40:16 brueffer Exp $ .\" -.Dd April 8, 2003 +.Dd April 21, 2005 .Dt JAIL 8 .Os .Sh NAME @@ -42,6 +42,7 @@ .Sh SYNOPSIS .Nm .Op Fl i +.Op Fl s Ar securelevel .Op Fl l u Ar username | Fl U Ar username .Ar path hostname ip-number command ... .Sh DESCRIPTION @@ -53,6 +54,8 @@ .Bl -tag -width ".Fl u Ar username" .It Fl i Output the jail identifier of the newly created jail. +.It Fl s Ar securelevel +Sets "kern.securelevel" to the specified value inside the newly created jail. .It Fl l Run program in the clean environment. The environment is discarded except for --- usr.sbin/jail/jail.c.orig Sun Aug 15 10:21:50 2004 +++ usr.sbin/jail/jail.c Thu Apr 21 10:39:00 2005 @@ -12,6 +12,7 @@ #include #include +#include #include #include @@ -28,6 +29,7 @@ #include static void usage(void); +static void setsecurelevel (int level); extern char **environ; #define GET_USER_INFO do { \ @@ -57,15 +59,19 @@ char path[PATH_MAX], *username; static char *cleanenv; const char *shell, *p; + int securelevel = -1; iflag = lflag = uflag = Uflag = 0; username = cleanenv = NULL; - while ((ch = getopt(argc, argv, "ilu:U:")) != -1) { + while ((ch = getopt(argc, argv, "ils:u:U:")) != -1) { switch (ch) { case 'i': iflag = 1; break; + case 's': + securelevel = (int) strtol(optarg, NULL, 0); + break; case 'u': username = optarg; uflag = 1; @@ -109,6 +115,8 @@ printf("%d\n", i); fflush(stdout); } + if (securelevel > 0) + setsecurelevel(securelevel); if (username != NULL) { if (Uflag) GET_USER_INFO; 
@@ -148,7 +156,15 @@ { (void)fprintf(stderr, "%s%s\n", - "usage: jail [-i] [-l -u username | -U username]", + "usage: jail [-i] [-s securelevel] [-l -u username | -U username]", " path hostname ip-number command ..."); exit(1); +} + +static void +setsecurelevel (int level) { + + if (sysctlbyname("kern.securelevel", NULL, 0, &level, sizeof(level))) + err(1, "Can not set secure level to %d", level); + } --- jailseclevel.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
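Review bot: the jail.8 hunk that adds `.It Fl s Ar securelevel` should state the semantics the kernel actually enforces: the value can only be raised, never lowered, and the option takes effect inside the new prison before any `-u`/`-U` user switch, which is the whole point of the PR. "Sets "kern.securelevel" to the specified value" reads as if any value were accepted; suggest "Raise kern.securelevel to the specified value inside the newly created jail; the level cannot be lowered." A short cross-reference to the securelevel discussion in init(8) would also help readers find the meaning of the levels.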
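Review bot: the `case 's':` branch in the getopt hunk accepts any string: `strtol(optarg, NULL, 0)` has no end-pointer check, so `-s abc` yields 0, and the later `if (securelevel > 0)` guard then silently skips the sysctl. An operator who mistypes the option gets a jail at securelevel 0 with no diagnostic, which is the failure mode a security option should not have. Suggest parsing with an end pointer, rejecting trailing characters, negative values and anything above the highest level, and calling `usage()` on a bad argument; `-s 0` is then an explicit (no-op) request rather than an ignored one. The placement of the `setsecurelevel(securelevel)` call is correct: it follows the `jail(2)` call and the `-i` output and precedes the `username != NULL` user switch, so it runs as root inside the prison.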
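Review bot: `setsecurelevel (int level) {` in the last hunk does not follow style(9): no space before the parameter list and the opening brace belongs on its own line, and the blank line after the brace should go. The `err()` call is fine in substance; note that because the kernel refuses to lower the securelevel, a request below the current level fails with EPERM and the message "Can not set secure level to N" is what the operator will see, so a shorter "cannot set kern.securelevel to %d" matching the sysctl name would make that easier to search for.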
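As an added illustration (not part of Frank Behrens's patch and not FreeBSD's jail(8) code), the following C program shows the -s handling with the strict argument validation and the raise-only check a reviewer would ask for. The function names parse_securelevel, securelevel_value, securelevel_raise_ok and apply_securelevel are hypothetical; the program assumes the FreeBSD sysctlbyname(3) interface for kern.securelevel and compiles to an ENOSYS stub on other systems so the validation logic can be exercised anywhere.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/sysctl.h>
#endif

/* Highest value kern.securelevel accepts (FreeBSD uses -1..3). */
#define SECURELEVEL_MAX 3

/*
 * Strict parser for a "-s level" argument (hypothetical helper): decimal
 * digits only, no trailing junk, no overflow, and 0..SECURELEVEL_MAX.
 * Returns 0 and stores the value on success, -1 otherwise.  This is the
 * end-pointer check that strtol(optarg, NULL, 0) alone does not provide.
 */
int parse_securelevel(const char *arg, int *level)
{
	char *end;
	long v;

	if (arg == NULL || *arg == '\0')
		return (-1);
	errno = 0;
	v = strtol(arg, &end, 10);
	if (errno != 0 || end == arg || *end != '\0')
		return (-1);
	if (v < 0 || v > SECURELEVEL_MAX)
		return (-1);
	*level = (int)v;
	return (0);
}

/* Convenience wrapper: the parsed level, or -1 when the argument is rejected. */
int securelevel_value(const char *arg)
{
	int level;

	return (parse_securelevel(arg, &level) == 0 ? level : -1);
}

/*
 * Raise-only policy: a jail may never lower its securelevel (the kernel
 * would refuse anyway).  Returns 1 when "requested" is allowed given
 * "current", 0 when it would be a lowering.
 */
int securelevel_raise_ok(int current, int requested)
{
	return (requested >= current);
}

/*
 * Read the current level, apply the policy, then write the new one.
 * Only FreeBSD has kern.securelevel; elsewhere this fails with ENOSYS.
 * In jail(8) this must run after jail(2) and before any -u/-U user
 * switch, because only root inside the prison may write the sysctl.
 */
int apply_securelevel(int requested)
{
#ifdef __FreeBSD__
	int current;
	size_t len = sizeof(current);

	if (sysctlbyname("kern.securelevel", &current, &len, NULL, 0) == -1)
		return (-1);
	if (!securelevel_raise_ok(current, requested)) {
		errno = EPERM;
		return (-1);
	}
	if (requested == current)
		return (0);	/* already at the requested level */
	return (sysctlbyname("kern.securelevel", NULL, 0,
	    &requested, sizeof(requested)));
#else
	(void)requested;
	errno = ENOSYS;
	return (-1);
#endif
}

int main(int argc, char **argv)
{
	int level;

	if (argc != 2 || parse_securelevel(argv[1], &level) != 0) {
		fprintf(stderr, "usage: %s securelevel (0..%d)\n",
		    argv[0], SECURELEVEL_MAX);
		return (1);
	}
	if (apply_securelevel(level) == -1) {
		perror("kern.securelevel");
		return (1);
	}
	printf("kern.securelevel is now %d\n", level);
	return (0);
}
```

A malformed argument such as "2x" or an out-of-range value is reported through usage() instead of being quietly turned into 0, and a request below the current level is rejected locally before the kernel is asked.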