Message-Id: <200910080854.n988sCFc017068@www.freebsd.org>
Date: Thu, 8 Oct 2009 08:54:12 GMT
From: Andrey Groshev
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/139422: make the jail safe for the parent system

>Number: 139422
>Category: misc
>Synopsis: make the jail safe for the parent system
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 08 09:00:07 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Andrey Groshev
>Release: 7.2-STABLE
>Organization: YaroslavlTeleset
>Environment:
FreeBSD ear.yartelenet.ru 7.2-STABLE FreeBSD 7.2-STABLE #0: Mon Oct 5 13:56:49 MSD 2009 rootxxxxxxxx.ru:/usr/obj/usr/src/sys/earker amd64

>Description:
There is me and my server. There is also another person who is responsible for the web on the server. Periodically he wants me to install some software, but in my view this software is bad or unnecessary. I wish to make a jail for him and his software, and to give this person complete access to it, so that he can do whatever he wants. But if wrong startup scripts are created in the jail, then the parent system also cannot finish starting up.

>How-To-Repeat:
For example: in the jail, write /bin/sh in /etc/rc.local. Then everything that starts after this jail will not receive control.

>Fix:
Menshikov Konstantin advised on the mailing list:

I think that this is a bug in the /etc/rc.d/jail script. You can fix /etc/rc.d/jail:

    626 run_rc_command "${cmd}" &
    627 sleep 5

instead of

    626 run_rc_command "${cmd}"

This works.

>Release-Note:
>Audit-Trail:
>Unformatted:
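
The fix quoted above backgrounds the jail start and then sleeps a fixed 5 seconds. The sketch below is an added example, not code from /etc/rc.d/jail or from the report: it shows the same idea with a bounded wait, so the parent continues as soon as the child finishes and learns whether it hung. The names start_bounded and BOUNDED_PID and the return code 124 are chosen here, and the commands are constructed stand-ins for jail start commands.

```sh
#!/bin/sh
# Added example; start_bounded, BOUNDED_PID and the 124 convention are
# hypothetical names, not part of FreeBSD's rc scripts.

# start_bounded SECONDS COMMAND [ARGS...]
# Runs COMMAND in the background and waits at most SECONDS for it.
# Returns COMMAND's exit status if it finished in time, or 124 if it is
# still running. A hung child is left running; its PID is in BOUNDED_PID.
start_bounded() {
    limit=$1
    shift
    "$@" </dev/null &            # child gets no input from the console
    BOUNDED_PID=$!
    waited=0
    while kill -0 "$BOUNDED_PID" 2>/dev/null; do
        if [ "$waited" -ge "$limit" ]; then
            return 124           # still running: stop waiting, keep booting
        fi
        sleep 1
        waited=$((waited + 1))
    done
    wait "$BOUNDED_PID"          # finished: hand back its real exit status
}

# Constructed demo: one start command that returns, and one that blocks
# the way an rc.local that runs an interactive /bin/sh would.
report() {
    if [ "$2" -eq 124 ]; then
        echo "$1: still running after the limit, continuing startup"
    else
        echo "$1: finished with exit status $2"
    fi
}

rc=0
start_bounded 2 true || rc=$?
report "jail-a (constructed)" "$rc"

rc=0
start_bounded 2 sleep 30 || rc=$?
report "jail-b (constructed)" "$rc"
kill "$BOUNDED_PID" 2>/dev/null  # demo cleanup only
```

Unlike a fixed sleep, a start that fails quickly is reported with its own exit status, and a start that never returns is reported separately so it can be logged.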