Date: Fri, 31 Jan 2014 10:28:34 -0700 From: James Gritton <jamie@freebsd.org> To: Robert Watson <rwatson@FreeBSD.org>, Alexander Leidinger <Alexander@Leidinger.net> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, Gleb Smirnoff <glebius@FreeBSD.org>, src-committers@freebsd.org Subject: Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail Message-ID: <52EBDD42.4020702@freebsd.org> In-Reply-To: <alpine.BSF.2.00.1401311231490.36707@fledge.watson.org> References: <201401291341.s0TDfDcB068211@svn.freebsd.org> <20140129134344.GW66160@FreeBSD.org> <52E906CD.9050202@freebsd.org> <20140129222210.0000711f@unknown> <alpine.BSF.2.00.1401311231490.36707@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/31/2014 5:34 AM, Robert Watson wrote: > On Wed, 29 Jan 2014, Alexander Leidinger wrote: > >>> It does. I included a warning in jail.8 that this will pretty much >>> undo jail security. There are still reasons some may want to do >>> this, but it's definitely not for everyone or even most people. >> >> It only "unjails" (= basically the same security level as the >> jail-host with the added benefit of the flexibility of a jail like >> easy moving from one system to another) the jail which has this flag >> set. All other jails without the flag can not "escape" to the host. >> >> I also have to add that just setting this flag does not give access >> to the host, you also have to configure a non-default devfs rule for >> this jail (to have the devices appear in the jail). > > This is not correct: devices do not need to be delegated in devfs for > PRIV_IO to allow bypass of the Jail security model, due to sysarch() > and the Linux-emulated equivalent, which turn out direct I/O access > from a user process without use of a device node. > > Frankly, I'd like to see this backed out and not reintroduced. If it > must be retained, then it needs a much more clear warning that > enabling this feature disables Jail's security model. Don't use the > word 'obviate', instead explicitly state that root within the jail can > escape the jail. > > Robert I'll do at least the next-best thing: back it out and hope to re-introduce it. Clearly it could use some further discussion. - Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52EBDD42.4020702>