svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail

Robert Watson rwatson at FreeBSD.org
Fri Jan 31 12:34:56 UTC 2014


On Wed, 29 Jan 2014, Alexander Leidinger wrote:

>> It does.  I included a warning in jail.8 that this will pretty much undo 
>> jail security.  There are still reasons some may want to do this, but it's 
>> definitely not for everyone or even most people.
>
> It only "unjails" (= basically the same security level as the jail-host with 
> the added benefit of the flexibility of a jail like easy moving from one 
> system to another) the jail which has this flag set. All other jails without 
> the flag cannot "escape" to the host.
>
> I also have to add that just setting this flag does not give access to the 
> host, you also have to configure a non-default devfs rule for this jail (to 
> have the devices appear in the jail).

This is not correct: devices do not need to be delegated in devfs for PRIV_IO 
to allow bypass of the Jail security model, due to sysarch() and the 
Linux-emulated equivalent, which turn out direct I/O access from a user 
process without use of a device node.

Frankly, I'd like to see this backed out and not reintroduced.  If it must be 
retained, then it needs a much more clear warning that enabling this feature 
disables Jail's security model.  Don't use the word 'obviate', instead 
explicitly state that root within the jail can escape the jail.

Robert
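The point above is that PRIV_IO is exercised through sysarch(2), not through a device node, so a devfs ruleset tells an administrator nothing about whether a jail can reach I/O ports. The following audit probe is an added example, not code from this thread or from the FreeBSD source tree. It is meant to be compiled and run as root inside a jail: it calls the sysarch(2) ioperm wrapper (amd64_set_ioperm or i386_set_ioperm, which exist in FreeBSD's machine/sysarch.h) with enable=0, so no port access is requested, but the call still passes through the PRIV_IO and securelevel checks. A correctly confined jail answers EPERM; a return of 0 means the jail holds PRIV_IO and root inside it should be treated as host root. On non-FreeBSD or non-x86 builds the probe reports UNSUPPORTED so the verdict logic can still be exercised.

```c
/* Added example (not from the thread or FreeBSD sources): a probe that an
 * administrator can run as root inside a jail to learn whether the jail has
 * PRIV_IO. It asks the sysarch(2) ioperm wrapper to DISABLE access to one
 * port, which grants nothing but is still gated by the PRIV_IO check, so a
 * jail without the privilege gets EPERM and no device node is involved. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#if defined(__FreeBSD__) && defined(__amd64__)
#include <machine/sysarch.h>
/* Port 0x80 (POST diagnostic port), length 1, enable=0: request nothing. */
static int request_ioperm(void) { return amd64_set_ioperm(0x80, 1, 0); }
#elif defined(__FreeBSD__) && defined(__i386__)
#include <machine/sysarch.h>
static int request_ioperm(void) { return i386_set_ioperm(0x80, 1, 0); }
#else
/* Not FreeBSD on x86: there is no ioperm sysarch call to test. */
static int request_ioperm(void) { errno = ENOSYS; return -1; }
#endif

enum verdict { IO_DENIED, IO_GRANTED, IO_UNSUPPORTED, IO_ERROR };

/* Map the raw result of the sysarch call to a verdict.
 * EPERM covers both "no PRIV_IO" and "securelevel > 0"; in either case
 * the jail cannot reach I/O ports this way. */
enum verdict classify(int rc, int err)
{
    if (rc == 0)
        return IO_GRANTED;
    if (err == EPERM)
        return IO_DENIED;
    if (err == ENOSYS)
        return IO_UNSUPPORTED;
    return IO_ERROR;
}

const char *verdict_name(enum verdict v)
{
    switch (v) {
    case IO_DENIED:      return "DENIED";
    case IO_GRANTED:     return "GRANTED";
    case IO_UNSUPPORTED: return "UNSUPPORTED";
    default:             return "ERROR";
    }
}

/* Run the probe and classify the outcome. */
enum verdict probe_privio(void)
{
    errno = 0;
    int rc = request_ioperm();
    return classify(rc, errno);
}

int main(void)
{
    enum verdict v = probe_privio();
    printf("PRIV_IO probe via sysarch(2): %s\n", verdict_name(v));
    if (v == IO_ERROR)
        printf("  unexpected errno: %s\n", strerror(errno));
    /* Non-zero exit when ports are reachable, so scripts can flag the jail. */
    return v == IO_GRANTED ? 1 : 0;
}
```

Run it as root in each jail; DENIED is the expected answer. A GRANTED result means the jail's root can program I/O ports directly from userland regardless of the devfs ruleset, which is the escape route described in the message above.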

