Date: Wed, 06 May 2026 12:06:28 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 295052] The jail(8) command leaks potentially sensitive file descriptors to exec.* hooks. Message-ID: <bug-295052-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295052 Bug ID: 295052 Summary: The jail(8) command leaks potentially sensitive file descriptors to exec.* hooks. Product: Base System Version: 15.0-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: conf Assignee: bugs@FreeBSD.org Reporter: crest@bultmann.eu The jail(8) command does not close configuration files after parsing them. These configuration files can contain secrets for multiple jails e.g. API tokens. The file descriptors behind the FILE handles are left open after parse_config() is done parsing the configuration. These file descriptors are later inherited by all child processes jail(8) forks e.g. the exec.* hooks. Some of these hooks run inside individual jails (exec.start, exec.stop) and should **NOT** be considered trusted by the host or other jails. As such this is an information leak across trust boundaries. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-295052-227>