svn commit: r224462 - stable/8/usr.sbin/jail

Jason Hellenthal jhell at DataIX.net
Thu Jul 28 02:47:37 UTC 2011 


On Wed, Jul 27, 2011 at 01:56:52AM +0000, Glen Barber wrote:
> Author: gjb (doc committer)
> Date: Wed Jul 27 01:56:52 2011
> New Revision: 224462
> URL: http://svn.freebsd.org/changeset/base/224462
> 
> Log:
>   MFC 224286:
>   
>   Document the potential for jail escape.
>   
>   PR:		142341
> 
> Modified:
>   stable/8/usr.sbin/jail/jail.8
> Directory Properties:
>   stable/8/usr.sbin/jail/   (props changed)
> 
> Modified: stable/8/usr.sbin/jail/jail.8
> ==============================================================================
> --- stable/8/usr.sbin/jail/jail.8	Tue Jul 26 20:51:58 2011	(r224461)
> +++ stable/8/usr.sbin/jail/jail.8	Wed Jul 27 01:56:52 2011	(r224462)
> @@ -34,7 +34,7 @@
>  .\"
>  .\" $FreeBSD$
>  .\"
> -.Dd January 17, 2010
> +.Dd July 23, 2011
>  .Dt JAIL 8
>  .Os
>  .Sh NAME
> @@ -913,3 +913,10 @@ Currently, the simplest answer is to min
>  offered on the host, possibly limiting it to services offered from
>  .Xr inetd 8
>  which is easily configurable.
> +.Sh NOTES
> +Great care should be taken when managing directories visible within the jail.
> +For example, if a jailed process has its current working directory set to a
> +directory that is moved out of the jail's chroot, then the process may gain
> +access to the file space outside of the jail.
> +It is recommended that directories always be copied, rather than moved, out
> +of a jail.

How is either one of these different ?

All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is
still broken and a process is not going to just get up and move with it.
On the other side though if you copied a pipe or socket or something
similiar for example into a jail then it might make whatever is outside
available to the jailed environment.

Is there something I am misunderstanding about this ? has the way cp(1),
rm(1) & mv(1) been changed recently ? or is this wording a little off ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 522 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/svn-src-all/attachments/20110728/011f01da/attachment.pgp

More information about the svn-src-all mailing list