From: Robert Watson
Date: Thu, 28 Jul 2011 10:40:19 +0100 (BST)
To: Glen Barber
Cc: Jason Hellenthal, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-8@freebsd.org, svn-src-stable@freebsd.org
Subject: Re: svn commit: r224462 - stable/8/usr.sbin/jail

On Wed, 27 Jul 2011, Glen Barber wrote:

>> How is either one of these different?
>>
>> All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is
>> still broken and a process is not going to just get up and move with it. On
>> the other side though if you copied a pipe or socket or something similar
>> for example into a jail then it might make whatever is outside available to
>> the jailed environment.
>>
>> Is there something I am misunderstanding about this? Has the way cp(1),
>> rm(1) & mv(1) been changed recently? Or is this wording a little off?
>
> The text in the example is just an example of a situation where it may be
> possible for a process within a jail(8) to gain filesystem access outside of
> the jail(8).

I wonder, if on these grounds, we should actually advise administrators that it is a more robust configuration, both in terms of managing free space and avoiding potential escape paths, to put each jail in its own file system. Lots of people do this anyway, and as recommendations go, it's not a bad one. We can then caution that if you *don't* do this, then you need to be careful about the mv issue.

Robert
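
An added example, not part of the original message or of FreeBSD's own code: a Python check that reports jail roots which do not sit alone on their own file system, the configuration recommended above. It relies on rename(2) failing with EXDEV across file systems, so that mv(1) there becomes a copy and delete; `audit_jail_roots`, `SAMPLE_DEVS` and `sample_stat` are hypothetical names, and comparing `st_dev` values is an assumption about how the host exposes separate file systems.

```python
import os
from collections import defaultdict
from types import SimpleNamespace


def audit_jail_roots(jail_roots, stat=os.stat):
    """Map each jail root that is not alone on its own file system to the reasons."""
    findings = defaultdict(list)
    roots_by_dev = defaultdict(list)
    for root in (os.path.normpath(r) for r in jail_roots):
        dev = stat(root).st_dev
        roots_by_dev[dev].append(root)
        # Same device as the parent directory: the root is a plain directory,
        # so an mv(1) across the jail boundary is a true rename, not copy and delete.
        if dev == stat(os.path.dirname(root)).st_dev:
            findings[root].append("same file system as parent directory")
    # Jails that share one device with each other are not isolated either.
    for roots in roots_by_dev.values():
        for root in roots:
            others = [r for r in roots if r != root]
            if others:
                findings[root].append("same file system as " + ", ".join(others))
    return dict(findings)


# Constructed sample layout (path -> st_dev); not taken from a real host.
SAMPLE_DEVS = {"/jails": 100, "/jails/www": 201, "/jails/db": 100, "/jails/mail": 100}


def sample_stat(path):
    """Stand-in for os.stat so the example runs without any jails present."""
    return SimpleNamespace(st_dev=SAMPLE_DEVS[path])


if __name__ == "__main__":
    report = audit_jail_roots(["/jails/www", "/jails/db", "/jails/mail/"], sample_stat)
    for root, reasons in sorted(report.items()):
        print(root, "->", "; ".join(reasons))
```

On a real host, call `audit_jail_roots` with the configured jail paths and the default `os.stat`; an empty result means every listed root is on a device of its own.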