Date: Thu, 28 Jul 2011 11:12:14 -0400
From: Ben Kaduk
To: Benedict Reuschling, rwatson@freebsd.org
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r224475 - head/usr.sbin/jail

On Thu, Jul 28, 2011 at 7:41 AM, Benedict Reuschling wrote:
> Author: bcr (doc committer)
> Date: Thu Jul 28 11:41:55 2011
> New Revision: 224475
> URL: http://svn.freebsd.org/changeset/base/224475
>
> Log:
>  Add a section to the jail chapter that explains why it is not
>  recommended to allow root users in the jail to access the host system.
>
>  PR:           docs/156853
>  Submitted by: crees
>  Patch by:     crees
>  Approved by:  re (kib) for BETA1
>
> Modified:
>  head/usr.sbin/jail/jail.8
>
> Modified: head/usr.sbin/jail/jail.8
> ==============================================================================
> --- head/usr.sbin/jail/jail.8   Thu Jul 28 10:16:30 2011        (r224474)
> +++ head/usr.sbin/jail/jail.8   Thu Jul 28 11:41:55 2011        (r224475)
> @@ -34,7 +34,7 @@
>  .\"
>  .\" $FreeBSD$
>  .\"
> -.Dd July 23, 2011
> +.Dd July 28, 2011
>  .Dt JAIL 8
>  .Os
>  .Sh NAME
> @@ -914,3 +914,8 @@ directory that is moved out of the jail'
>  access to the file space outside of the jail.
>  It is recommended that directories always be copied, rather than moved, out
>  of a jail.
> +.Pp
> +It is also not recommended that users allowed root in the jail be allowed
> +access to the host system.
> +For example, a root user in a jail can create a setuid root utility that
> +could be run in the host system to achieve elevated privileges.

Per rwatson's comment on the other jail.8 thread we've got going, we
might recommend that the separate file system for a jail might also be
mounted nosuid, which would close off this class of attack.
I don't have a good sense of whether suid applications are frequently
useful/needed inside a jail, though.

-Ben Kaduk
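
Review bot: In the paragraph added after ".Pp" in the second hunk, "users allowed root in the jail be allowed access to the host system" leaves the kind of host access unstated, while the setuid example that follows depends on that person being able to run files from the jail's tree as an unprivileged user on the host. Suggest stating that directly, for example "users with root access in a jail should not also be given unprivileged accounts on the host", which also removes the repeated "allowed". The paragraph names the risk without a mitigation; a following sentence about mounting the jail's file system nosuid, as raised in the reply, would fit here.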
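
The nosuid suggestion in the reply above can be audited on a host. The script below is an added example, not part of the original message or of FreeBSD; it assumes an fstab(5)-format mount table such as `mount -p` prints, and the function names, devices and jail paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the file system holding a jail root is
# mounted nosuid. Input is fstab(5)-format text, as printed by FreeBSD's
# `mount -p`: device, mount point, type, options, dump, pass.

# fs_for_path PATH < mount-table
# Prints "mountpoint options" for the longest mount point that is a
# path prefix of PATH, i.e. the file system that actually holds PATH.
fs_for_path() {
    awk -v p="$1" '
        $1 ~ /^#/ || NF < 4 { next }
        {
            mp = $2
            # "/" holds everything; otherwise require an exact match or a
            # match up to a "/" boundary, so /jails does not match /jails2.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) > best) { best = length(mp); out = mp " " $4 }
        }
        END { if (out != "") print out; else exit 1 }'
}

# jail_is_nosuid PATH < mount-table
# Returns 0 if the containing file system has nosuid set, 1 if it does
# not, 2 if no mount point covers PATH.
jail_is_nosuid() {
    fs=$(fs_for_path "$1") || return 2
    case ",${fs#* }," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample table (hypothetical devices and jail paths).
SAMPLE_MOUNTS='/dev/ada0p2 / ufs rw 1 1
/dev/ada0p3 /jails ufs rw 2 2
/dev/ada0p4 /jails/www ufs rw,nosuid 2 2
/dev/ada0p5 /jails2 ufs rw,nosuid 2 2'

# On a live host: mount -p | jail_is_nosuid /jails/www
for j in /jails/www /jails/db; do
    if printf '%s\n' "$SAMPLE_MOUNTS" | jail_is_nosuid "$j"; then
        echo "$j: nosuid"
    else
        echo "$j: setuid bits honoured"
    fi
done
```

A jail root that sits in a subdirectory of a larger file system inherits that file system's options, which is why the check resolves the containing mount point rather than looking for the jail path itself.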