Date: Fri, 17 Mar 2006 07:18:16 +0100 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: "Jesus R. Camou" <jcamou@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/jail jail.8 Message-ID: <20060317061815.GA859@zaphod.nitro.dk> In-Reply-To: <200603161431.k2GEVZiP074949@repoman.freebsd.org> References: <200603161431.k2GEVZiP074949@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--LZvS9be/3tNcYl/X Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2006.03.16 14:31:35 +0000, Jesus R. Camou wrote: > jcamou 2006-03-16 14:31:35 UTC >=20 > FreeBSD src repository (doc committer) >=20 > Modified files: > usr.sbin/jail jail.8=20 > Log: > Do `mount_devfs' when starting a jail. That is a very bad idea without further explaining the risks, since it will allow root in the jail more or less full access to the entire system since several non-safe device node are exported like disk and memory devices. To mount a devfs safely inside devfs rules must be set up. Could you please add a big warning, or even better, the commads to setup devfs rules for a jail /dev, like is done by the jail rc.d script? See also http://cvsweb.freebsd.org/src/usr.sbin/jail/jail.8#rev1.44 --=20 Simon L. Nielsen --LZvS9be/3tNcYl/X Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEGlSnh9pcDSc1mlERAhz7AJ9KDIxXeTdIYFzZi3VtaLJEA2X6eQCgwKw0 zlK9PaqidCtgkc2Fx0jzPfs= =qUs7 -----END PGP SIGNATURE----- --LZvS9be/3tNcYl/X--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060317061815.GA859>