From owner-freebsd-bugs@FreeBSD.ORG  Fri Sep 22 15:40:28 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7D83416A4E0
	for <freebsd-bugs@hub.freebsd.org>;
	Fri, 22 Sep 2006 15:40:28 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1A81143D8E
	for <freebsd-bugs@hub.freebsd.org>;
	Fri, 22 Sep 2006 15:40:22 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k8MFeLBF003127
	for <freebsd-bugs@freefall.freebsd.org>; Fri, 22 Sep 2006 15:40:21 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k8MFeLL3003126;
	Fri, 22 Sep 2006 15:40:21 GMT (envelope-from gnats)
Resent-Date: Fri, 22 Sep 2006 15:40:21 GMT
Resent-Message-Id: <200609221540.k8MFeLL3003126@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Jeremie Le Hen <jeremie@le-hen.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 909DB16A40F;
	Fri, 22 Sep 2006 15:33:31 +0000 (UTC)
	(envelope-from tataz@tataz.chchile.org)
Received: from smtp4-g19.free.fr (smtp4-g19.free.fr [212.27.42.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0795643D6A;
	Fri, 22 Sep 2006 15:33:31 +0000 (GMT)
	(envelope-from tataz@tataz.chchile.org)
Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98])
	by smtp4-g19.free.fr (Postfix) with ESMTP id 5842454B65;
	Fri, 22 Sep 2006 17:33:30 +0200 (CEST)
Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25])
	by tatooine.tataz.chchile.org (Postfix) with ESMTP id 03A7F9B4C1;
	Fri, 22 Sep 2006 15:33:36 +0000 (UTC)
Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000)
	id E397E408C; Fri, 22 Sep 2006 17:33:35 +0200 (CEST)
Message-Id: <20060922153335.E397E408C@obiwan.tataz.chchile.org>
Date: Fri, 22 Sep 2006 17:33:35 +0200 (CEST)
From: Jeremie Le Hen <jeremie@le-hen.org>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: dougb@FreeBSD.org, jeremie@le-hen.org
Subject: misc/103489: [patch] named_chroot_autoupdate doesn't work in a jail
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Jeremie Le Hen <jeremie@le-hen.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Sep 2006 15:40:28 -0000


>Number:         103489
>Category:       misc
>Synopsis:       [patch] named_chroot_autoupdate doesn't work in a jail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 22 15:40:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Jeremie Le Hen
>Release:        FreeBSD 6.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD obiwan 6.1-STABLE FreeBSD 6.1-STABLE #8: Sun Jun 25 18:27:14 CEST 2006 root@obiwan:/usr/obj/usr/src/sys/OBIWAN i386
>Description:
	rc.d/named's chroot_autoupdate() unconditionnaly tries to mount devfs.
	This is obviously not possible inside a jail.  Though already jailed,
	one might want to run a chrooted named(8) inside a jail, in order to
	hinder a possible bug exploitation.
	This patch test the security.jail.jailed sysctl before performing the
	devfs stuff.

	Note this patch doesn't yet allow the user to run a chrooted named(8)
	inside a jail ; it must come along with PR misc/103486.
>How-To-Repeat:
	Straightforward, see description.
>Fix:
Index: named
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/named,v
retrieving revision 1.26
diff -u -p -u -p -r1.26 named
--- named	20 Apr 2006 12:30:12 -0000	1.26
+++ named	22 Sep 2006 15:23:45 -0000
@@ -59,10 +59,12 @@ chroot_autoupdate()
 
 	# Mount a devfs in the chroot directory if needed
 	#
-	umount ${named_chrootdir}/dev 2>/dev/null
-	devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
-	devfs -m ${named_chrootdir}/dev rule apply path null unhide
-	devfs -m ${named_chrootdir}/dev rule apply path random unhide
+	if [ `sysctl -n security.jail.jailed` = 0 ]; then
+		umount ${named_chrootdir}/dev 2>/dev/null
+		devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
+		devfs -m ${named_chrootdir}/dev rule apply path null unhide
+		devfs -m ${named_chrootdir}/dev rule apply path random unhide
+	fi
 
 	# Copy local timezone information if it is not up to date.
 	#
>Release-Note:
>Audit-Trail:
>Unformatted: