From: Robert Watson
To: Alexander Leidinger
Cc: freebsd-jail@FreeBSD.org
Date: Wed, 25 Jun 2008 16:57:17 +0100 (BST)
Subject: Re: is nfs mount inside jail possible?

On Wed, 25 Jun 2008, Alexander Leidinger wrote:

> Oh: I haven't checked if this actually works. I don't know if all places
> DTRT then. Normally it should work, but you better test if it really puts
> the FS in the place where you want it, that you can mount/umount it, that
> "mount -v" shows the expected output on the host and in the jail, and so on.
>
> Similar things can be done for
> src/sys/fs/{cd9660|msdosfs|ntfs|nullfs|smbfs|udf|unionfs}. Those are the
> FS's which _should_ be safe, either because they work with untrusted data
> anyway, or because it's a loopback mount. But again, I haven't tested any of
> them (I have them patched locally, but even the initial testing is on my
> TODO list with a low priority).

Safe in the sense that they might, or might not, immediately panic. Not safe
in the sense that the resulting system would necessarily have the expected or
desired security properties. It wouldn't surprise me if, just for example,
allowing user mounting of nullfs from within jail allowed the user to escape
from the jail and access files outside the jail in the host system.
Establishing that this is not the case is fairly non-trivial and has to be
done very carefully. I would recommend extreme caution.

Robert N M Watson
Computer Laboratory
University of Cambridge