Date: Sun, 8 May 2011 12:11:22 +0000 (UTC) From: Benedict Reuschling <bcr@FreeBSD.org> To: doc-committers@FreeBSD.org, cvs-doc@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: doc/en_US.ISO8859-1/books/handbook/jails chapter.sgml Message-ID: <201105081211.p48CBMHG091973@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
bcr 2011-05-08 12:11:22 UTC
FreeBSD doc repository
Modified files:
en_US.ISO8859-1/books/handbook/jails chapter.sgml
Log:
Jails have a problem in that if the jail directory is world-readable, an
attacker with root access to the jail can create a setuid binary for their
own use in the host environment (if they also have this access), thus
breaking root in the host.
This exploit is impossible if the jail's files are not world-readable.
Add instructions to the handbook on how to create a jail with the
correct permissions set.
PR: docs/156853
Submitted by: Chris Rees (utisoft at gmail dot com)
Reviewed by: cperciva (security parts)
Revision Changes Path
1.23 +13 -3 doc/en_US.ISO8859-1/books/handbook/jails/chapter.sgml
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105081211.p48CBMHG091973>