sysrc(8) -- a sysctl(8)-like utility for managing rc.conf(5)
Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue Oct 19 20:20:18 UTC 2010
On Tue, Oct 19, 2010 at 10:50:29AM -0700, Devin Teske wrote:
> I added `-j jail' for specifying a jail id or name to operate within
> (requires jls(8); overrides `-R dir').
[...]
Note that operating on jail files from outside a jail is serious
security problem. The files from within the jail can be symbolic links
that point to files from outside a jail from your perspective. Even
chroot(2) to jail's root is neither safe (running applications that can
be modified by jail's root is obvious security hole) nor reliable (jail
might not have all the commands). The only safe way is to jexec(8) into
a jail, but it of course has the same relialability issue as chroot(8).
--
Pawel Jakub Dawidek http://www.wheelsystems.com
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-rc/attachments/20101019/21e1baea/attachment.pgp
More information about the freebsd-rc
mailing list