Date: Sat, 10 Feb 2007 06:44:29 GMT From: Chris Haulmark<chris@sigd.net> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/109008: [patch] add summary of kern/48198 to jexec manpage Message-ID: <200702100644.l1A6iT3H022220@www.freebsd.org> Resent-Message-ID: <200702100650.l1A6oE3n064475@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 109008 >Category: kern >Synopsis: [patch] add summary of kern/48198 to jexec manpage >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sat Feb 10 06:50:14 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Chris Haulmark >Release: 6.2-stable >Organization: >Environment: >Description: >How-To-Repeat: >Fix: Patch attached with submission follows: --- jexec.8 Thu Jun 8 12:29:05 2006 +++ jexec.8-edited Sat Feb 10 00:32:35 2007 @@ -53,6 +53,23 @@ The user name from jailed environment as whom the .Ar command should run. +.Sh DESIGN NOTES +Administrator have to be aware that non-jailed users +can kill processes owned by the same UID that are +running in jail environments. It is suggested that +the administrators do not create user accounts outside +the jail enviornments with the same UIDs as the accounts +inside the jail. Exactly same problem exists with file +system objects and this can't be sloved in this way, +because no information about jail exists in file's inode +and users outside of jail are not chrooted. + +If administrator is running virtual servers with jail and +with regular users inside those virtual servers, it is +recommended that there should be no users accounts on this +machine outside the jail environments. + +This above is an expected behavior. .Sh SEE ALSO .Xr jail_attach 2 , .Xr jail 8 , >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200702100644.l1A6iT3H022220>