From owner-freebsd-bugs@FreeBSD.ORG  Fri Feb 20 04:52:03 2004
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B899816A50F; Fri, 20 Feb 2004 04:52:02 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B05BC43D1F; Fri, 20 Feb 2004 04:52:02 -0800 (PST)
	(envelope-from pjd@FreeBSD.org)
Received: from freefall.freebsd.org (pjd@localhost [127.0.0.1])
	i1KCq2bv010710;	Fri, 20 Feb 2004 04:52:02 -0800 (PST)
	(envelope-from pjd@freefall.freebsd.org)
Received: (from pjd@localhost)
	by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i1KCq01Z010706;
	Fri, 20 Feb 2004 04:52:00 -0800 (PST)
	(envelope-from pjd)
Date: Fri, 20 Feb 2004 04:52:00 -0800 (PST)
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Message-Id: <200402201252.i1KCq01Z010706@freefall.freebsd.org>
To: mooneer@translator.cx, pjd@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: kern/48198: Non-jailed users can kill processes owned by same
	UID
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Feb 2004 12:52:04 -0000

Synopsis: Non-jailed users can kill processes owned by same UID

State-Changed-From-To: open->closed
State-Changed-By: pjd
State-Changed-When: Pią 20 Lut 04:42:35 2004 PST
State-Changed-Why: 
This is an expected behaviour.
Administrator have to be aware about this and don't
create  user accounts outside the jail with the same UIDs
as accounts inside the jail. Exactly the same problem exists
with file system objects and this can't be sloved in this way,
because no information about jail exists in file's inode
and users outside of jail aren't chrooted.
If one is running virtuals servers with jail and with regular
users inside those servers, there should be no users accounts
on this machine outside jails.

http://www.freebsd.org/cgi/query-pr.cgi?pr=48198