From: Colin Percival <cperciva@freebsd.org>
To: Pawel Jakub Dawidek
cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Wed, 09 Feb 2005 17:24:26 +0000
Subject: Re: cvs commit: src/sys/kern kern_jail.c src/sys/sys jail.h src/sys/ufs/ufs ufs_vnops.c src/usr.sbin/jail jail.8
Message-ID: <420A474A.1050901@freebsd.org>
References: <200502082131.j18LVBBd031393@repoman.freebsd.org> <20050208215041.GP1080@darkness.comp.waw.pl>
In-Reply-To: <20050208215041.GP1080@darkness.comp.waw.pl>
List-Id: CVS commit messages for the entire tree <cvs-all@freebsd.org>

Pawel Jakub Dawidek wrote:
> On Tue, Feb 08, 2005 at 09:31:11PM +0000, Colin Percival wrote:
> +> Add a new sysctl, "security.jail.chflags_allowed", which controls the
> +> behaviour of chflags within a jail.  If set to 0 (the default), then a
> +> jailed root user is treated as an unprivileged user; if set to 1, then
> +> a jailed root user is treated the same as an unjailed root user.
>
> More than that. It should be allowed in the future by default

Don't you think it's better to err on the side of security?  There are
certainly times when allowing a jailed user to manipulate system file
flags could cause (non-obvious) problems, while any failure caused by an
inability to set these flags will be immediately obvious.

Also, I'm planning on MFCing this to RELENG_5, and we definitely don't
want the default behaviour to change there.

> and this
> behaviour should be controlled by jail's securelevel.

Right now with security.jail.chflags_allowed=1, the usual securelevel
restrictions apply based on both the host and jail securelevel.  Is this
what you meant?

Colin Percival
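The decision the two messages above are arguing about, written out as a small C model. This is an added illustration, not the FreeBSD kernel's ufs_vnops.c or kern_jail.c code: the function and variable names (chflags_check, host_securelevel, jail_chflags_allowed, the cred struct) are invented for the example, the flag bit values copy FreeBSD's sys/stat.h, and the ownership check stands in for the vnode VADMIN check. It goes slightly beyond the thread by showing that a demoted jailed root can still set user flags (UF_*) on its own files, exactly like an ordinary user, while system flags (SF_*) and the securelevel rule are what the sysctl actually gates, and that a jailed process is bound by the higher of the host and jail securelevels.

```c
#include <errno.h>
#include <stdio.h>

/* Flag bits mirror FreeBSD's sys/stat.h; everything else here is an
 * illustrative model, not kernel code. */
#define UF_SETTABLE   0x0000ffffu
#define UF_NODUMP     0x00000001u
#define SF_SETTABLE   0xffff0000u
#define SF_IMMUTABLE  0x00020000u
#define SF_APPEND     0x00040000u
#define SF_NOUNLINK   0x00100000u
#define SF_LOCKING    (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)

struct cred {
    int uid;              /* 0 = root */
    int jailed;           /* nonzero if the process runs inside a jail */
    int jail_securelevel; /* the jail's own securelevel (only if jailed) */
};

/* Assumed stand-ins for kern.securelevel and security.jail.chflags_allowed. */
int host_securelevel = 0;
int jail_chflags_allowed = 0;   /* the default the commit chose */

/* Does this credential count as privileged for chflags purposes? */
static int chflags_privileged(const struct cred *c)
{
    if (c->uid != 0)
        return 0;
    if (c->jailed && !jail_chflags_allowed)
        return 0;   /* jailed root demoted to an unprivileged user */
    return 1;
}

/* A jailed process is held to the stricter of the two securelevels. */
static int effective_securelevel(const struct cred *c)
{
    if (c->jailed && c->jail_securelevel > host_securelevel)
        return c->jail_securelevel;
    return host_securelevel;
}

/* Decide one chflags request: returns 0 and updates *flags on success,
 * EPERM if refused.  is_owner models the VADMIN check on the file. */
int chflags_check(const struct cred *c, int is_owner,
                  unsigned int *flags, unsigned int want)
{
    if (!is_owner && c->uid != 0)
        return EPERM;                       /* no VADMIN rights */

    if (chflags_privileged(c)) {
        /* Privileged: may change any flag, unless a locking system flag
         * is already set and the effective securelevel is above 0. */
        if ((*flags & SF_LOCKING) && effective_securelevel(c) > 0)
            return EPERM;
        *flags = want;
        return 0;
    }

    /* Unprivileged: nothing may change while locking system flags are
     * set, and only user flags may be requested at all. */
    if (*flags & SF_LOCKING)
        return EPERM;
    if ((want & UF_SETTABLE) != want)
        return EPERM;
    *flags = (*flags & SF_SETTABLE) | (want & UF_SETTABLE);
    return 0;
}

/* Helper: run one request as root (uid 0) on an owned file. */
static int run(int jailed, int jail_sl, int host_sl, int allowed,
               unsigned int cur, unsigned int want)
{
    struct cred c = { 0, jailed, jail_sl };
    host_securelevel = host_sl;
    jail_chflags_allowed = allowed;
    return chflags_check(&c, 1, &cur, want);
}

/* Scenarios from the thread; each returns the errno the request yields. */
int scenario_jailed_default_system_flag(void)   { return run(1, 0, 0, 0, 0, SF_IMMUTABLE); }
int scenario_jailed_default_user_flag(void)     { return run(1, 0, 0, 0, 0, UF_NODUMP); }
int scenario_jailed_allowed_system_flag(void)   { return run(1, 0, 0, 1, 0, SF_IMMUTABLE); }
int scenario_jailed_allowed_clear_at_jail_sl1(void) { return run(1, 1, 0, 1, SF_IMMUTABLE, 0); }
int scenario_host_root_clear_at_sl0(void)       { return run(0, 0, 0, 0, SF_IMMUTABLE, 0); }

int main(void)
{
    printf("jailed root, sysctl=0, set SF_IMMUTABLE : %d (EPERM=%d)\n",
           scenario_jailed_default_system_flag(), EPERM);
    printf("jailed root, sysctl=0, set UF_NODUMP    : %d\n",
           scenario_jailed_default_user_flag());
    printf("jailed root, sysctl=1, set SF_IMMUTABLE : %d\n",
           scenario_jailed_allowed_system_flag());
    printf("jailed root, sysctl=1, jail sl=1, clear : %d (EPERM=%d)\n",
           scenario_jailed_allowed_clear_at_jail_sl1(), EPERM);
    printf("host root, sl=0, clear SF_IMMUTABLE     : %d\n",
           scenario_host_root_clear_at_sl0());
    return 0;
}
```

The fourth scenario is the point of Colin's reply: with the sysctl set to 1, raising the jail's securelevel alone (host still at 0) is enough to stop jailed root from clearing SF_IMMUTABLE, because the model takes the higher of the two securelevels, so the sysctl and the jail securelevel already compose rather than one replacing the other.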