Date:      Wed, 07 Jul 2004 18:45:38 -0000
From:      Nielsen <nielsen@memberwebs.com>
To:        freebsd-security@freebsd.org
Subject:   jailutils security issue, and possible issue with 'jail'
Message-ID:  <20040707185358.7B4DF840A1F@mail.npubs.com>
Resent-Message-ID: <none>

Since some of you use the jailutils package, I just wanted to post some 
additional info on the recent 'security fix' and also highlight a 
possible issue with the 'jail' command.

http://memberwebs.com/nielsen/freebsd/jails/jailutils/security.html

It's not a very big issue (unless I'm missing something), simply one of 
leaking the host environment into the jail.

This might be used legitimately in certain cases, but in most cases it's 
probably a good idea to clear out the environment before executing the 
jail() or jail_attach() syscalls.

The 'jstart' utility included in jailutils does this and it would 
probably be a good addition to 'jexec' and/or 'jail'.