From owner-freebsd-bugs@FreeBSD.ORG Sat Sep 13 06:00:32 2003
Resent-Date: Sat, 13 Sep 2003 06:00:30 -0700 (PDT)
Resent-Message-Id: <200309131300.h8DD0UiT075758@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Oliver Eikemeier
Message-Id: <3F63129A.5010209@fillmore-labs.com>
Date: Sat, 13 Sep 2003 14:50:34 +0200
From: Oliver Eikemeier
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/56748: [PATCH] rc.subr: jail devfs handling broken

>Number:         56748
>Category:       bin
>Synopsis:       [PATCH] rc.subr: jail devfs handling broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 13 06:00:29 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Oliver Eikemeier
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
Fillmore Labs - http://www.fillmore-labs.com
>Environment:
System: FreeBSD nuuk.fillmore-labs.com 5.1-CURRENT
>Description:
When you start a jail on 5-CURRENT with

	jail_enable="YES"
	jail_list="myjail"
	jail_myjail_rootdir="/home/myjail"
	...

in /etc/rc.conf, /dev/console of the base system is clobbered.

Moreover, the rules for the devfs mounted in the jail are set, but not applied, which gives the jail access to too many devices and is a security breach.

There is another bug this patch doesn't fix: devfs_link doesn't seem to work for the console device.
>How-To-Repeat:
>Fix:
--- rc.subr.patch begins here ---
--- src/etc/rc.subr.orig	Fri Aug 22 11:55:52 2003
+++ src/etc/rc.subr	Sat Sep 13 14:17:34 2003
@@ -1039,7 +1039,7 @@
 }
 
 # devfs_link dir src link
-# Make a symbolic link 'link' to src in chroot/dev.
+# Make a symbolic link 'link' to src in dir.
 # Returns 0 on sucess.
 #
 devfs_link()
@@ -1058,7 +1058,7 @@
 		warn "$_me: the directory ($dir) does not exist"
 		return 1
 	fi
-	cd ${chroot}/dev
+	cd ${dir}
 	if ! ln -sf $src $link ; then
 		warn "$_me: unable to link $link --> $src in $dir"
 		return 1
@@ -1230,6 +1230,7 @@
 	if [ -n "$rs" ]; then
 		devfs_init_rulesets
 		devfs_set_ruleset $rs $devdir
+		devfs_apply_ruleset $rs $devdir
 	fi
 	return 0
 }
--- rc.subr.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
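Review bot: In the first hunk (the devfs_link comment block), the retained context line "Returns 0 on sucess." misspells "success"; since the patch already rewrites the line above it, fixing the typo in the same hunk would keep the comment block consistent with the corrected "in dir" wording.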
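Review bot: In the second hunk, `cd ${dir}` is still unchecked: the `[ ! -d "$dir" ]` test above it only catches a missing directory, so if the cd fails for any other reason (permissions, the mount disappearing between the test and the cd) `ln -sf $src $link` runs in whatever directory the caller happened to be in, which is the same class of misplaced-symlink problem this patch is fixing for the unset `${chroot}` case. Suggest `cd ${dir} || return 1`, or better, drop the cd and link by explicit path (`ln -sf $src ${dir}/$link`), which also stops devfs_link from changing the caller's working directory as a side effect.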
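Review bot: In the third hunk, the return values of devfs_set_ruleset and the newly added devfs_apply_ruleset are both ignored and the function still ends in an unconditional `return 0`, so a jail whose ruleset could not be applied (the over-exposed devfs the Description calls a security breach) would start silently with the unrestricted device set. Suggest checking each call, e.g. `devfs_apply_ruleset $rs $devdir || return 1`, with a warn so the failure is visible in the boot log rather than only in the jail's /dev.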