[Bug 193129] New: [jail] exec.start with exec.system_user doesn't set gid
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Aug 29 18:25:16 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193129
Bug ID: 193129
Summary: [jail] exec.start with exec.system_user doesn't set
gid
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: freebsd at ruka.org
When starting a jail with /usr/sbin/jail -c, the start command is run with uid,
effective uid and effective gid set properly, but real gid isn't set, so it's
still zero from running jail as root.
In addition to any issues from retaining gid 0, this also has the effect that
the process is considered setugid and tainted, so coredumps, signals, etc are
restricted.
/usr/sbin/jexec does properly set the gid.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list