Date: Wed, 25 Jun 2008 16:57:17 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Alexander Leidinger <Alexander@Leidinger.net> Cc: freebsd-jail@FreeBSD.org Subject: Re: is nfs mount inside jail possible? Message-ID: <20080625165505.P87282@fledge.watson.org> In-Reply-To: <20080625175252.18342qpk0oc2zc4k@webmail.leidinger.net> References: <62852722@bb.ipt.ru> <20080625173401.116369ceeiewif40@webmail.leidinger.net> <20080625175252.18342qpk0oc2zc4k@webmail.leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 25 Jun 2008, Alexander Leidinger wrote:
> Oh: I haven't checked if this actually works. I don't know if all places
> DTRT then. Normally it should work, but you better test if it really puts
> the FS in the place where you want it, that you can mount/umount it, that
> "mount -v" shows the expected output on the host and in the jail, and so on.
>
> Similar things can be done for
> src/sys/fs/{cd9660|msdosfs|ntfs|nullfs|smbfs|udf|unionfs}. Those are the
> FS's which _should_ be safe, either because they work with untrusted data
> anyway, or because it's a loopback mount. But again, I haven't tested any of
> them (I have them patched locally, but even the initial testing is on my
> TODO list with a low priority).
Safe in the sense that they might, or might not, immediately panic. Not safe
in the sense that the resulting system would necessarily have the expected or
desired security properties. It wouldn't surprise me if, just for example,
allowing user mounting of nullfs from within jail allowed the user to escape
from the jail and access files outside the jail in the host system.
Establishing that this is not the case is fairly non-trivial and has to be
done very carefully. I would recommend extreme caution.
Robert N M Watson
Computer Laboratory
University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080625165505.P87282>