Date: Thu, 8 Oct 2009 08:54:12 GMT From: Andrey Groshev <greenx@yartv.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/139422: make the jail safe for the parent system Message-ID: <200910080854.n988sCFc017068@www.freebsd.org> Resent-Message-ID: <200910080900.n98908Tw025238@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 139422
>Category: misc
>Synopsis: make the jail safe for the parent system
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 08 09:00:07 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Andrey Groshev
>Release: 7.2-STABLE
>Organization:
YaroslavlTeleset
>Environment:
FreeBSD ear.yartelenet.ru 7.2-STABLE FreeBSD 7.2-STABLE #0: Mon Oct 5 13:56:49 MSD 2009 rootxxxxxxxx.ru:/usr/obj/usr/src/sys/earker amd64
>Description:
There is I and my server.
Also there is other person a server responsible for a web.
Periodically he wants that I would instal some software, but in my representation, this software bad or unnecessary.
I wish to make jail for its and its software.
To give to this person complete access to it, let does all that wants.
But, if in the jail create wrong start scripts, then the parent system too cannot be started up to the end.
>How-To-Repeat:
For example: in jail in /etc/rc.local write /bin/sh
And that starts all after this prison will not receive handle.
>Fix:
Menshikov Konstantin in maillist advised:
I`m think, that this is bug in /etc/rc.d/jail script.
You can fix /etc/rc.d/jail
626 run_rc_command "${cmd}" &
627 sleep 5
instead
626 run_rc_command "${cmd}"
This work.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910080854.n988sCFc017068>