svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail

Robert N. M. Watson rwatson at FreeBSD.org
Tue Feb 4 10:42:02 UTC 2014


On 4 Feb 2014, at 10:05, Ivan Voras <ivoras at freebsd.org> wrote:

> On 31 January 2014 18:28, James Gritton <jamie at freebsd.org> wrote:
>> On 1/31/2014 5:34 AM, Robert Watson wrote:
> 
>>> Frankly, I'd like to see this backed out and not reintroduced.  If it must
>>> be retained, then it needs a much more clear warning that enabling this
>>> feature disables Jail's security model.  Don't use the word 'obviate',
>>> instead explicitly state that root within the jail can escape the jail.
>> 
>> I'll do at least the next-best thing: back it out and hope to re-introduce
>> it.  Clearly it could use some further discussion.
> 
> How about outputting both a kernel (i.e. logged) and userland messages
> when the jail is created (or the parameter is changed, if it can?)
> which say something like "DANGER! The root within this jail (jid=%d)
> can escape the jail" or something like it? That seems reasonably loud.

At the very least, we need a more clear structuring and presentation of "insecure" options in the jail man page. E.g., a dedicated section for options that may have serious security consequences and a nice introduction to the section contextualising those concerns.

Robert

