[Bug 295052] The jail(8) command leaks potentially sensitive file descriptors to exec.* hooks.

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 06 May 2026 12:06:28 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295052

            Bug ID: 295052
           Summary: The jail(8) command leaks potentially sensitive file
                    descriptors to exec.* hooks.
           Product: Base System
           Version: 15.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: crest@bultmann.eu

The jail(8) command does not close configuration files after parsing them.
These configuration files can contain secrets for multiple jails, e.g. API
tokens.

The file descriptors behind the FILE handles are left open after parse_config()
is done parsing the configuration. These file descriptors are later inherited
by all child processes jail(8) forks, e.g. the exec.* hooks. Some of these hooks
run inside individual jails (exec.start, exec.stop) and should **NOT** be
considered trusted by the host or other jails. As such, this is an information
leak across trust boundaries.

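The inheritance described in the report can be reproduced outside jail(8) with the following added example, which is not code from the report or from the FreeBSD source tree. It parses a constructed config through a FILE handle, runs a child via system() (fork plus exec of sh), and reports whether the child still holds the descriptor when the handle is left open, closed after parsing, or opened with the close-on-exec "e" mode flag. Assumptions: the function name, the sample config line and the /tmp path are hypothetical, the two mitigations are general practice rather than the project's fix, and /dev/fd must list the process's descriptors (Linux, or FreeBSD with fdescfs mounted).

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed sample config line; not taken from a real jail.conf. */
static const char SAMPLE[] = "$api_token = \"CONSTRUCTED-SAMPLE-TOKEN\";\n";

/*
 * Parse a temporary config with fopen(path, mode), optionally fclose() it,
 * then run a child command through system(), which forks and execs sh.
 * Returns 1 if the child still holds the config descriptor, 0 if it does
 * not, -1 on setup failure. Hypothetical helper, for illustration only.
 */
int hook_inherits_config_fd(const char *mode, int close_after_parse)
{
    char path[] = "/tmp/jailconf-demo-XXXXXX";
    char line[128], cmd[64];
    int tmpfd = mkstemp(path);

    if (tmpfd < 0)
        return -1;
    int ok = write(tmpfd, SAMPLE, sizeof SAMPLE - 1) == (ssize_t)(sizeof SAMPLE - 1);
    close(tmpfd);
    FILE *fp = ok ? fopen(path, mode) : NULL;
    if (fp == NULL) {
        unlink(path);
        return -1;
    }
    while (fgets(line, sizeof line, fp) != NULL)
        ;                            /* stand-in for the real parser */
    int fd = fileno(fp);             /* descriptor number the child would see */
    if (close_after_parse) {
        fclose(fp);
        fp = NULL;
    }
    /* The child only tests whether descriptor fd exists in its own table. */
    snprintf(cmd, sizeof cmd, "test -e /dev/fd/%d", fd);
    int status = system(cmd);
    if (fp != NULL)
        fclose(fp);
    unlink(path);
    return status == 0;
}

int main(void)
{
    printf("\"r\", left open:   %d\n", hook_inherits_config_fd("r", 0));
    printf("\"r\", fclose():    %d\n", hook_inherits_config_fd("r", 1));
    printf("\"re\", left open:  %d\n", hook_inherits_config_fd("re", 0));
    return 0;
}
```

Closing the handle after parsing removes the descriptor entirely, while the "e" flag only protects children that exec, so the two are complementary rather than interchangeable.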