From owner-freebsd-security@FreeBSD.ORG Wed Jul 7 18:45:37 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E6FFA16A4CF for ; Wed, 7 Jul 2004 18:45:37 +0000 (GMT) Received: from mail.npubs.com (mail.writemehere.com [209.66.100.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3C2B43D31 for ; Wed, 7 Jul 2004 18:45:37 +0000 (GMT) (envelope-from nielsen@memberwebs.com) Resent-Message-Id: From: Nielsen User-Agent: Mozilla Thunderbird 0.5 (X11/20040208) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org X-Enigmail-Version: 0.83.3.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Message-Id: <20040707185358.7B4DF840A1F@mail.npubs.com> Resent-Date: Wed, 7 Jul 2004 18:53:58 +0000 (GMT) Resent-From: nielsen@memberwebs.com (Postfix Filters) Subject: jailutils security issue, and possible issue with 'jail' X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Wed, 07 Jul 2004 18:45:38 -0000 X-List-Received-Date: Wed, 07 Jul 2004 18:45:38 -0000 Since some of you use the jailutils package, I just wanted to post some additional info on the recent 'security fix' and also highlight a possible issue with the 'jail' command. http://memberwebs.com/nielsen/freebsd/jails/jailutils/security.html It's not a very big issue (unless I'm missing something), simply one of leaking the host environment into the jail. This might be used legitimately in certain cases, but in most cases it's probably a good idea to clear out the environment before executing the jail() or jail_attach() syscalls. The 'jstart' utility included in jailutils does this and it would probably be a good addition to 'jexec' and/or 'jail'.