cvs commit: src/sys/ufs/ufs ufs_vnops.c
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sun Aug 22 05:21:58 PDT 2004
On Sun, Aug 22, 2004 at 02:03:41AM +0000, Christian S.J. Peron wrote:
+> csjp 2004-08-22 02:03:41 UTC
+>
+> FreeBSD src repository
+>
+> Modified files:
+> sys/ufs/ufs ufs_vnops.c
+> Log:
+> Currently, if the secure level is low enough, system flags can
+> be manipulated by prison root. In 4.x prison root can not manipulate
+> system flags, regardless of the security level. This behavior
+> should remain consistent to avoid any surprises which could lead
+> to security problems for system administrators which give out
+> privileged access to jails.
+>
+> This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
+> to 0. This will prevent prison root from being able to manipulate
+> system flags on files.
+>
+> This may be a MFC candidate for RELENG_5.
In 5.x we are able to set securelevel per jail, so jail's system
administrator can increase securelevel if he needs this behaviour.
I agree, that we should stay consistent with 4.x, that's why we should
put this under some sysctl with default value, that keeps 4.x
behaviour, but it could be changed if jail's system administrator wants
to take control over system flags.
--
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd at FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20040822/abf4da91/attachment.bin
More information about the cvs-src
mailing list