From owner-svn-src-all@FreeBSD.ORG Tue Feb 4 10:06:00 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E574ABD2; Tue, 4 Feb 2014 10:06:00 +0000 (UTC) Received: from mail-vc0-x22f.google.com (mail-vc0-x22f.google.com [IPv6:2607:f8b0:400c:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 407571965; Tue, 4 Feb 2014 10:06:00 +0000 (UTC) Received: by mail-vc0-f175.google.com with SMTP id ij19so5533517vcb.6 for ; Tue, 04 Feb 2014 02:05:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=V/ejYjOA+OhXpNw9xDOP47iHDP2QtBNqUCSn3NoeuSg=; b=lN2e4FC6lKGteVFP3dvHgrjpLrzCFLs4n/4SnEhTiE+ok+lrsPyv7SPK0noXrr0wYM 4V4OXmI8HDNituQzFRcB3zOLdt6SqIY/kphTD9pikf0k72YR6Uz9SAPaTmkSjhpXVBEi x1yRSgWPsTWEkwZ/ixG+MiY/UIFebR4hLmZdI3DshTLPjct49jc/FgmRgzggo5+hD2kW zCoLc7ZI7cYRQjIDuOUahh/jtPem2K8CoUAGCr8Ymv4ddtcJobqq9GYQ3UIzaKgyc+GO t1w8UBgiU1cjgukJewTd2xm/UCsC3ZYawxG9fubWYK1OLqZ/3zVKRz0Twd2NKEMwBd52 1Z6A== X-Received: by 10.220.98.143 with SMTP id q15mr64251vcn.38.1391508359274; Tue, 04 Feb 2014 02:05:59 -0800 (PST) MIME-Version: 1.0 Sender: ivoras@gmail.com Received: by 10.58.171.42 with HTTP; Tue, 4 Feb 2014 02:05:19 -0800 (PST) In-Reply-To: <52EBDD42.4020702@freebsd.org> References: <201401291341.s0TDfDcB068211@svn.freebsd.org> <20140129134344.GW66160@FreeBSD.org> <52E906CD.9050202@freebsd.org> <20140129222210.0000711f@unknown> <52EBDD42.4020702@freebsd.org> From: Ivan Voras Date: Tue, 4 Feb 2014 11:05:19 +0100 X-Google-Sender-Auth: K0B6B-EOhEtgK0uP90Dkk8RnEUo Message-ID: Subject: Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail To: James Gritton Content-Type: text/plain; charset=UTF-8 Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, Gleb Smirnoff , Robert Watson , svn-src-head@freebsd.org, Alexander Leidinger X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Feb 2014 10:06:01 -0000 On 31 January 2014 18:28, James Gritton wrote: > On 1/31/2014 5:34 AM, Robert Watson wrote: >> Frankly, I'd like to see this backed out and not reintroduced. If it must >> be retained, then it needs a much more clear warning that enabling this >> feature disables Jail's security model. Don't use the word 'obviate', >> instead explicitly state that root within the jail can escape the jail. >> >> Robert > > I'll do at least the next-best thing: back it out and hope to re-introduce > it. Clearly it could use some further discussion. How about outputting both a kernel (i.e. logged) and userland messages when the jail is created (or the parameter is changed, if it can?) which say something like "DANGER! The root within this jail (jid=%d) can escape the jail" or something like it? That seems reasonably loud.