From nobody Thu May 07 17:26:29 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gBK12063rz6ctcj
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Thu, 07 May 2026 17:26:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gBK114Fg7z3mVc
	for <dev-commits-src-all@FreeBSD.org>; Thu, 07 May 2026 17:26:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1778174789;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=xoBWzbVgimd3n8Xed2JlYD+7IjpfuhhPhiUy8ZuPhkI=;
	b=cAOIJOd/rMe8dy5BD7XC3mxwo5rO0ufFLBFEkzBU1K9CQ2C6rqI7oXLRRwstpKmMT0IC2i
	VTyEHSc9tSgR6/rXFAC7hDSCNGG4f3TBkyezgLFoWGtywbN2byH/2FIYlqe/W7wpasOVjD
	aLW/nER8YACcFVuHo0MSU/G+zVzbEnUaCe7YiJ2Qkx2xd9DqtP0LqNI6ouIsgJ7ZhXb1Ew
	wvcNTU6sCx2cZUlt0R5CZi7oaDPa5pQ6pWBuFgM5W8ORWAIUvGqsavlQESFwb5liE2KsB1
	DDLH5RPaDuYPvxz+LInZPvJSbuq7IAq0kLDFg4tv4zI7L/517TJa0y+aE5l4/Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1778174789; a=rsa-sha256; cv=none;
	b=EHT09Wf5KVr8YshYpQf23JDW1I/LzgwPp3n8JszUCb7bwpd+JgoFEDTtvaMrSr/5sRGtJJ
	kVy8ASBWGBAz/D59J0YmzeHMOvAPXqY3nxtfNxEpy+vZKjeNoLPOdx1AqnbJIt9yXkYQL4
	7Ma0Z7Ij+f/RwbtAVUcVUEynV2bEZc68ziT0t+zuKZLotQj+EL9kI897Y+jCIcCjlHlDxS
	QNIb1vPYusZUrKStGWgE28Xm1UCuwqt9fh9f7ICDZy6B6SurzNecKbcQCe7+pVyWDefUo3
	GcgWrVdE6JsdLbwztPjQ6wyygihTlMQ80HAsjaEGovRWRl+yQXdNnw9mVMNjSw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1778174789;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=xoBWzbVgimd3n8Xed2JlYD+7IjpfuhhPhiUy8ZuPhkI=;
	b=kveylPApxAp/VtTW3z0TS4uVHkkphWEicwbpe37uM1CAwYGh5PpeLeZ9f8lWA5TYCDmE+0
	MzwGzAtuEONIqKD1CkCjbftczqiVsLsTxuZIbXO8izDKfUhT6EV0clQnWuy9kvsk5Uk6Oz
	vJ6RJR4pPEKiDQwC1U3vt2E8waRzBW0LLi6s28+tmC9Zv62eknLo0JiZSAcYyXElP3N8R2
	ZE8ZNtqS+lr6nLkjxowwOAkP+PRsfcAJEjF7VTEbL0Nf5CfMo0pTfBQ7Bmwyws+gNA1aza
	BMAlihkyW9iuD8vKpxFYpPJ3TpTLZOLE0rM4eRxnIKCVnoCHtmae0A1k53ff0w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gBK112wVKzcYW
	for <dev-commits-src-all@FreeBSD.org>; Thu, 07 May 2026 17:26:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 3c55e
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Thu, 07 May 2026 17:26:29 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Cc: Jan Bramkamp <crest+freebsd@rlwinm.de>
From: Kyle Evans <kevans@FreeBSD.org>
Subject: git: c35bb8ba8984 - stable/15 - jail: avoid leaking jail config fds to exec.* hooks
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
List-Id: <dev-commits-src-all.FreeBSD.org>
List-Post: <mailto:dev-commits-src-all@FreeBSD.org>
List-Help: <mailto:dev-commits-src-all+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: c35bb8ba898482920bf9b57967a9a11f98a89c81
Auto-Submitted: auto-generated
Date: Thu, 07 May 2026 17:26:29 +0000
Message-Id: <69fccb45.3c55e.7b30f10a@gitrepo.freebsd.org>

The branch stable/15 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=c35bb8ba898482920bf9b57967a9a11f98a89c81

commit c35bb8ba898482920bf9b57967a9a11f98a89c81
Author:     Jan Bramkamp <crest+freebsd@rlwinm.de>
AuthorDate: 2026-05-06 23:28:53 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2026-05-07 17:26:18 +0000

    jail: avoid leaking jail config fds to exec.* hooks
    
    The jail(8) command must not leave parsed configuration files open
    since the file descriptors will be leaked to child processes
    including the untrusted exec.start or exec.stop hooks.
    
    While fopen() doesn't provide direct access to O_CLOEXEC, it does
    provide access to FD_CLOEXEC via "e" in the mode string which
    provides the desired defense in depth against leaking file descriptors
    into exec.* hooks since those always execve() into a shell.
    
    Jail configuration is potentially sensitive and some hooks execute from
    within the jail context, leaving some opening for the jail to exfiltrate
    information about the host environment.
    
    (Commit message wordsmithed by kevans)
    
    PR:             295052
    Reviewed by:    kevans
    
    (cherry picked from commit 276d9b88a9e6fd6fd90e57c36444756ad297d2ab)
---
 usr.sbin/jail/config.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c
index 1bad04ccde68..f1e2da215790 100644
--- a/usr.sbin/jail/config.c
+++ b/usr.sbin/jail/config.c
@@ -321,6 +321,7 @@ static void
 parse_config(const char *cfname, int is_stdin)
 {
 	struct cflex cflex = {.cfname = cfname, .error = 0};
+	FILE *yfp = NULL;
 	void *scanner;
 
 	yylex_init_extra(&cflex, &scanner);
@@ -328,7 +329,7 @@ parse_config(const char *cfname, int is_stdin)
 		cflex.cfname = "STDIN";
 		yyset_in(stdin, scanner);
 	} else {
-		FILE *yfp = fopen(cfname, "r");
+		yfp = fopen(cfname, "re");
 		if (!yfp)
 			err(1, "%s", cfname);
 		yyset_in(yfp, scanner);
@@ -336,6 +337,8 @@ parse_config(const char *cfname, int is_stdin)
 	if (yyparse(scanner) || cflex.error)
 		exit(1);
 	yylex_destroy(scanner);
+	if (yfp != NULL)
+		fclose(yfp);
 }
 
 /*