Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

Simon L. Nielsen simon at
Sat Jan 20 13:54:04 UTC 2007

On 2007.01.20 14:03:08 +0100, Pawel Jakub Dawidek wrote:
> On Sat, Jan 20, 2007 at 01:24:33PM +0100, Simon L. Nielsen wrote:
> [...]
> > BTW. with regard to the console.log file I really don't think it
> > should be put back inside the jail unless it's possible to make the
> > generation of the file entirely inside the jail since it's just not
> > worth the risk/complexity.  I think it should be possible to do this
> > with jail(8) in -CURRENT (see -J flag), but:
> When -J operates on a file inside a jail, it create the same security
> hole as the one from security advisory, because it opens a file before
> calling jail(2).

My thought with using -J was not place the info about jid in a file
outside the jail root, basically (pseudo code):

	jail -J $_tmpfile "sh /etc/rc > /var/log/console.log"
	_jid=`cat $_tmpfile | something`

At least that was what I thought might be possible with the -J switch
when I noticed it existed.  In any case, actually coding this,
verifying that it works and is safe is left up to anyone who cares
about having console.log inside the jail.

Simon L. Nielsen

More information about the freebsd-security mailing list