svn commit: r224462 - stable/8/usr.sbin/jail

Jason Hellenthal jhell at DataIX.net
Thu Jul 28 23:31:23 UTC 2011



On Thu, Jul 28, 2011 at 10:40:19AM +0100, Robert Watson wrote:
> 
> On Wed, 27 Jul 2011, Glen Barber wrote:
> 
> >> How is either one of these different ?
> >>
> >> All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is 
> >> still broken and a process is not going to just get up and move with it. On 
> >> the other side though if you copied a pipe or socket or something similar 
> >> for example into a jail then it might make whatever is outside available to 
> >> the jailed environment.
> >>
> >> Is there something I am misunderstanding about this ? has the way cp(1), 
> >> rm(1) & mv(1) been changed recently ? or is this wording a little off ?
> >
> > The text in the example is just an example of a situation where it may be 
> > possible for a process within a jail(8) to gain filesystem access outside of 
> > the jail(8).
> 
> I wonder, if on these grounds, we should actually advise administrators that 
> it is a more robust configuration, both in terms of managing free space and 
> avoiding potential escape paths, to put each jail in its own file system. 
> Lots of people do this anyway, and as recommendations go, it's not a bad one. 
> We can then caution that if you *don't* do this, then you need to be careful 
> about the mv issue.
> 

That sounds like a perfectly sane idea.
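
One way to check the recommendation discussed in this thread, as an added example that is not part of the original message or the FreeBSD tree: rename(2) cannot cross file systems, so comparing device IDs shows which jail roots share a file system with their parent directory or with each other. The function name, the injectable `stat` parameter and the paths used to call it are assumptions for illustration, and the check assumes that a differing `st_dev` means a separate file system.

```python
import os
import sys
from collections import defaultdict


def audit_jail_roots(jail_roots, stat=os.stat):
    """Return {root: [findings]}; an empty list means a dedicated file system.

    `stat` is injectable (hypothetical parameter) so the logic can be
    exercised without real mounts.
    """
    findings = {}
    by_dev = defaultdict(list)

    for root in jail_roots:
        root = os.path.abspath(root)
        findings[root] = []
        dev = stat(root).st_dev
        by_dev[dev].append(root)

        # A mount point has a different device ID than its parent directory.
        parent = os.path.dirname(root)
        if parent != root and stat(parent).st_dev == dev:
            findings[root].append(
                "shares a file system with its parent " + parent)

    # Jails on the same device can have directories renamed between them.
    for roots in by_dev.values():
        if len(roots) > 1:
            for root in roots:
                others = [r for r in roots if r != root]
                findings[root].append(
                    "shares a file system with jail(s) " + ", ".join(others))

    return findings


if __name__ == "__main__":
    # Usage: pass the jail root directories as arguments.
    for root, problems in audit_jail_roots(sys.argv[1:]).items():
        status = "; ".join(problems) if problems else "dedicated file system"
        print(root + ": " + status)
```
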