From: Robert Watson
Date: Thu, 10 Dec 2009 09:44:37 +0000 (GMT)
To: Linda Messerschmidt
Cc: freebsd-hackers@freebsd.org, Ivan Voras
Subject: Re: UNIX domain sockets on nullfs still broken?

On Tue, 1 Dec 2009, Linda Messerschmidt wrote:

> On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras wrote:
>>> What's the sane solution, then, when the only method of communication
>>> is unix domain sockets?
>>
>> It is a security problem. I think the long-term solution would be to add a
>> sysctl analogous to security.jail.param.securelevel to handle this.
>
> Out of curiosity, why is allowing access to a Unix domain socket in a
> filesystem to which a jail has explicitly been allowed access more or less
> secure than allowing access to a file or a devfs node in a filesystem to
> which a jail has explicitly been allowed access?

(I seem to have caught this thread rather late in the game due to being on
travel) -- Ivan is wrong about nullfs, it's broken due to a bug, not a
feature, and that bug is not present when using a single file system. He's
thinking of unionfs semantics, where if it worked it would be a bug. :-)

Robert N M Watson
Computer Laboratory
University of Cambridge