To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Cc: Jan Bramkamp
From: Kyle Evans
Subject: git: 187de25ef99e - stable/14 - jail: avoid leaking jail config fds to exec.* hooks
Date: Thu, 07 May 2026 17:27:06 +0000
Message-Id: <69fccb6a.3d178.a311759@gitrepo.freebsd.org>

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=187de25ef99e49dd7a6a4bfa630f10ab9571ef17

commit 187de25ef99e49dd7a6a4bfa630f10ab9571ef17
Author:     Jan Bramkamp
AuthorDate: 2026-05-06 23:28:53 +0000
Commit:     Kyle Evans
CommitDate: 2026-05-07 17:27:03 +0000

jail: avoid leaking jail config fds to exec.* hooks

The jail(8) command must not leave parsed configuration files open
since the file descriptors will be leaked to child processes
including the untrusted exec.start or exec.stop hooks.

While fopen() doesn't provide direct access to O_CLOEXEC, it does
provide access to FD_CLOEXEC via "e" in the mode string which
provides the desired defense in depth against leaking file
descriptors into exec.* hooks since those always execve() into
a shell.

Jail configuration is potentially sensitive and some hooks execute from
within the jail context, leaving some opening for the jail to exfiltrate
information about the host environment.

(Commit message wordsmithed by kevans) PR: 295052 Reviewed by: kevans (cherry picked from commit 276d9b88a9e6fd6fd90e57c36444756ad297d2ab) --- usr.sbin/jail/config.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c index 4465839cba0b..5cf2e34a8340 100644 --- a/usr.sbin/jail/config.c +++ b/usr.sbin/jail/config.c @@ -321,6 +321,7 @@ static void parse_config(const char *cfname, int is_stdin) { struct cflex cflex = {.cfname = cfname, .error = 0}; + FILE *yfp = NULL; void *scanner; yylex_init_extra(&cflex, &scanner); @@ -328,7 +329,7 @@ parse_config(const char *cfname, int is_stdin) cflex.cfname = "STDIN"; yyset_in(stdin, scanner); } else { - FILE *yfp = fopen(cfname, "r"); + yfp = fopen(cfname, "re"); if (!yfp) err(1, "%s", cfname); yyset_in(yfp, scanner); @@ -336,6 +337,8 @@ parse_config(const char *cfname, int is_stdin) if (yyparse(scanner) || cflex.error) exit(1); yylex_destroy(scanner); + if (yfp != NULL) + fclose(yfp); } /*
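
Review bot: In the hunk at -328,7 +329,7, the close-on-exec behaviour rests on a single character in the mode string of `yfp = fopen(cfname, "re");` and nothing at the call site says why it is there. Suggest a one-line comment on that line stating that "e" sets FD_CLOEXEC so the descriptor cannot be inherited by exec.* hooks, so a later cleanup does not turn it back into "r". The stdin branch above it is untouched, which is expected since stdin is not opened here.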
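
Review bot: In the hunk at -336,6 +337,8, the new `if (yfp != NULL) fclose(yfp);` is only reached on a successful parse, because `exit(1)` two lines earlier returns first when `yyparse(scanner)` or `cflex.error` reports a failure. That is harmless since the process exits, but a short comment saying the close is what keeps the config descriptor away from later hooks, with "re" as the backstop, would make the intent clear. Closing after `yylex_destroy(scanner)` is the right order, since the scanner was handed `yfp` through `yyset_in()`.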
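
The inheritance behaviour the commit message describes can be checked directly. The following is an added example, not part of the commit or of jail(8): it counts descriptors that an execve()'d child would inherit while a file is held open with "r" versus "re". The helper names, the 4096 scan bound, and /dev/null as a stand-in for a jail configuration file are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Count open descriptors above stderr that lack FD_CLOEXEC, i.e. the
 * ones a child would still hold after execve(). */
static int count_inheritable_fds(void)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    int n = 0;

    if (maxfd < 0 || maxfd > 4096)
        maxfd = 4096;               /* assumed bound to keep the scan short */
    for (int fd = STDERR_FILENO + 1; fd < maxfd; fd++) {
        int flags = fcntl(fd, F_GETFD);   /* -1 means fd is not open */
        if (flags != -1 && (flags & FD_CLOEXEC) == 0)
            n++;
    }
    return n;
}

/* Open path with the given fopen() mode and report how many extra
 * inheritable descriptors exist while it is open (*during) and after
 * fclose() (*after). Returns 0 on success, -1 if the open fails. */
static int measure_leak(const char *path, const char *mode,
                        int *during, int *after)
{
    int before = count_inheritable_fds();
    FILE *fp = fopen(path, mode);

    if (fp == NULL)
        return -1;
    *during = count_inheritable_fds() - before;
    fclose(fp);
    *after = count_inheritable_fds() - before;
    return 0;
}

int main(void)
{
    const char *modes[] = { "r", "re" };  /* before and after the change */
    int during, after;

    for (int i = 0; i < 2; i++) {
        if (measure_leak("/dev/null", modes[i], &during, &after) != 0)
            return 1;
        printf("mode \"%s\": inheritable while open=%d, after fclose=%d\n",
            modes[i], during, after);
    }
    return 0;
}
```

The same count, taken just before a hook is spawned, works as a regression check for descriptors that should not cross the exec boundary.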