conf/117577: rc.d/jail doesn't resolve symlinks
Simon L. Nielsen
simon at FreeBSD.org
Sun Oct 28 10:00:04 PDT 2007
The following reply was made to PR conf/117577; it has been noted by GNATS.
From: "Simon L. Nielsen" <simon at FreeBSD.org>
To: Johan Granath <nollan at phreaker.net>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: conf/117577: rc.d/jail doesn't resolve symlinks
Date: Sun, 28 Oct 2007 17:32:58 +0100
On 2007.10.27 22:17:00 +0000, Johan Granath wrote:
> When setting the jail_jailname_rootdir to a path that contains
> symlinks, the rc.d/jail script has problems mounting mount_devfs on
> that path, obviously. To solve the issue you have to put the
> absolute path to that rcvar.
This is a known limitation. It sucks but so far nobody has been able
to / cared enough to come up with a patch which handles the symlinks
in a secure manner. See
http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc for
details.
> In my opinion th rc.d/jail script should handle this, so I made a patch.
There wasn't a patch attached to the PR?
--
Simon L. Nielsen
More information about the freebsd-bugs
mailing list