svn commit: r224475 - head/usr.sbin/jail

Ben Kaduk minimarmot at gmail.com
Thu Jul 28 15:12:16 UTC 2011


On Thu, Jul 28, 2011 at 7:41 AM, Benedict Reuschling <bcr at freebsd.org> wrote:
> Author: bcr (doc committer)
> Date: Thu Jul 28 11:41:55 2011
> New Revision: 224475
> URL: http://svn.freebsd.org/changeset/base/224475
>
> Log:
>  Add a section to the jail chapter that explains why it is not
>  recommended to allow root users in the jail to access the host system.
>
>  PR:           docs/156853
>  Submitted by: crees
>  Patch by:     crees
>  Approved by:  re (kib) for BETA1
>
> Modified:
>  head/usr.sbin/jail/jail.8
>
> Modified: head/usr.sbin/jail/jail.8
> ==============================================================================
> --- head/usr.sbin/jail/jail.8   Thu Jul 28 10:16:30 2011        (r224474)
> +++ head/usr.sbin/jail/jail.8   Thu Jul 28 11:41:55 2011        (r224475)
> @@ -34,7 +34,7 @@
>  .\"
>  .\" $FreeBSD$
>  .\"
> -.Dd July 23, 2011
> +.Dd July 28, 2011
>  .Dt JAIL 8
>  .Os
>  .Sh NAME
> @@ -914,3 +914,8 @@ directory that is moved out of the jail'
>  access to the file space outside of the jail.
>  It is recommended that directories always be copied, rather than moved, out
>  of a jail.
> +.Pp
> +It is also not recommended that users allowed root in the jail be allowed
> +access to the host system.
> +For example, a root user in a jail can create a setuid root utility that
> +could be run in the host system to achieve elevated privileges.
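Review bot: In the paragraph added at the end of this hunk, "users allowed root in the jail be allowed access to the host system" does not say what kind of host access is meant. The example that follows only matters for an unprivileged host account that can reach the jail's files, so the sentence should say that, for instance "be allowed unprivileged access to the host system". The paragraph also states the risk without a remedy, unlike the preceding context, which recommends copying directories rather than moving them; a closing sentence naming a mitigation would make the advice actionable.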

Per rwatson's comment on the other jail.8 thread we've got going, we
might recommend that the separate file system for a jail might also be
mounted nosuid, which would close off this class of attack.

I don't have a good sense of whether suid applications are frequently
useful/needed inside a jail, though.

-Ben Kaduk
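
One way to audit for the nosuid suggestion in the reply above, as an added example that is not part of the original message or the FreeBSD tree. It assumes the jails live under a single base directory (`/usr/jails` here is a hypothetical layout) and are mounted through fstab(5); the sample fstab is constructed.

```shell
#!/bin/sh
# Added example (not from the FreeBSD tree). Lists fstab(5) entries mounted
# under a jail base directory whose options do not include "nosuid".
# Assumption: all jails live under one base directory; /usr/jails is a
# hypothetical default, override it with JAIL_BASE.

JAIL_BASE="${JAIL_BASE:-/usr/jails}"

# jail_fs_without_nosuid: read fstab-format text on stdin and print the mount
# point of each file system at or below $JAIL_BASE that lacks nosuid.
jail_fs_without_nosuid() {
    awk -v base="$JAIL_BASE" '
        /^[[:space:]]*#/ || NF < 4 { next }   # skip comments and short lines
        {
            mnt = $2
            # accept base itself or paths below base/, but not /usr/jails2
            if (mnt != base && index(mnt, base "/") != 1) next
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++) if (opts[i] == "nosuid") found = 1
            if (!found) print mnt
        }'
}

# Constructed sample fstab, for demonstration only.
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint          FStype  Options             Dump Pass
/dev/ada0p2     /                   ufs     rw                  1    1
/dev/ada0p3     /usr/jails/www      ufs     rw,nosuid           2    2
/dev/ada0p4     /usr/jails/db       ufs     rw                  2    2
/dev/ada0p5     /usr/jails2/misc    ufs     rw                  2    2
/dev/ada0p6     /usr/jails/mail     ufs     rw,noatime,nosuid   2    2
EOF
}

# On a live host: jail_fs_without_nosuid < /etc/fstab
sample_fstab | jail_fs_without_nosuid
```

Only `/usr/jails/db` is reported for the sample; file systems that are not mounted through fstab are outside what this check sees.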


More information about the svn-src-all mailing list