kern/109008: [patch] add summary of kern/48198 to jexec manpage
Chris Haulmark
chris at sigd.net
Sat Feb 10 06:50:14 UTC 2007
>Number: 109008
>Category: kern
>Synopsis: [patch] add summary of kern/48198 to jexec manpage
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 10 06:50:14 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Chris Haulmark
>Release: 6.2-stable
>Organization:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
--- jexec.8 Thu Jun 8 12:29:05 2006
+++ jexec.8-edited Sat Feb 10 00:32:35 2007
@@ -53,6 +53,23 @@
The user name from jailed environment as whom the
.Ar command
should run.
+.Sh DESIGN NOTES
+Administrator have to be aware that non-jailed users
+can kill processes owned by the same UID that are
+running in jail environments. It is suggested that
+the administrators do not create user accounts outside
+the jail enviornments with the same UIDs as the accounts
+inside the jail. Exactly same problem exists with file
+system objects and this can't be sloved in this way,
+because no information about jail exists in file's inode
+and users outside of jail are not chrooted.
+
+If administrator is running virtual servers with jail and
+with regular users inside those virtual servers, it is
+recommended that there should be no users accounts on this
+machine outside the jail environments.
+
+This above is an expected behavior.
.Sh SEE ALSO
.Xr jail_attach 2 ,
.Xr jail 8 ,
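Review bot: The added DESIGN NOTES text needs a proofreading pass before it goes into the manual page: "enviornments" and "sloved" are misspelled, "Administrator have to be aware" should read "Administrators have to be aware", "Exactly same problem" and "If administrator" are missing articles, "users accounts" should be "user accounts", and the closing line "This above is an expected behavior." would read better as "This is expected behavior." Several sentences also start mid-line (for example "It is suggested that" and "Exactly same problem exists"), whereas mdoc source conventionally begins each new sentence on its own line. The caveat about file system objects says it "can't be sloved in this way" without stating what the administrator should do instead; since the second paragraph recommends having no user accounts outside the jail environments, it would help to say explicitly that this recommendation is what covers the file system case as well. Finally, the behaviour described applies to jails in general rather than to jexec specifically, so consider whether the text belongs in the jail manual page that SEE ALSO already references, with at most a pointer here.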
>Release-Note:
>Audit-Trail:
>Unformatted: