Bug 157335

Summary: Re: docs/156853: [patch] Update docs: jail(8) security issues with world-readable jail root
Product: Documentation Reporter: Chris Rees <utisoft>
Component: Books & ArticlesAssignee: freebsd-doc (Nobody) <doc>
Status: Closed FIXED    
Severity: Affects Only Me CC: cperciva
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Chris Rees 2011-05-26 08:40:04 UTC 
 On 26 May 2011 01:18, Kostik Belousov <kostikbel@gmail.com> wrote:
 
 > Now you are referencing some unspecified "file descriptors" handling
 > issues that are present for nullfs but not for NFS. What are they ?
 
 I referenced a conversation earlier:
 
 On 22 May 2011 20:32, Chris Rees <utisoft@gmail.com> wrote:
 
 > From IRC (I don't want to attribute without permission):
 >
 > user in jail1 passes fd to directory to user in jail2
 > if these are disjoint jails, the kernel will not know to restrict the
 > process in jail2 to any jail base directory
 > (the process in jail2 will fchdir(fd), chdir("../../../../.."))
 > man 4 unix, /SCM_RIGHTS
 > though this is only an issue if one of the untrusted users can write
 
 
 Chris
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2011-05-26 15:03:09 UTC 
State Changed
From-To: open->closed

Misfiled followup to docs/156853; content migrated.
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2011-05-26 15:03:09 UTC 
Responsible Changed
From-To: gnats-admin->freebsd-doc