Date: Sat, 09 Oct 1999 14:07:51 -0500 From: Jacques Vidrine <n@nectar.com> To: Matt Behrens <matt@zigg.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: merging current's jail functionality to stable Message-ID: <19991009190752.14C771D87@bone.nectar.com> In-Reply-To: <Pine.BSF.4.10.9910091247260.25227-100000@megaweapon.zigg.com> References: <Pine.BSF.4.10.9910091247260.25227-100000@megaweapon.zigg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9 October 1999 at 12:48, Matt Behrens <matt@zigg.com> wrote: > Is suser needed to properly support jail? Without suser being > updated, will we have a hole in the implementation? No, see src/sys/kern_prot.c in -CURRENT for details. Anything that uses suser (rather than suser_xxx) does NOT grant superuser priviledges to jail'd processes, even where those process have uid == 0. The only way to grant jail'd process superuser priviledges is by calling suser_xxx instead of suser, and passing an explicit flag. That's done in about 28 places in the source tree. Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991009190752.14C771D87>