Bug 157345

Summary: Re: docs/156853: [patch] Update docs: jail(8) security issues with world-readable jail root
Product: Documentation Reporter: Kostik Belousov <kostikbel>
Component: Books & ArticlesAssignee: freebsd-doc (Nobody) <doc>
Status: Closed FIXED    
Severity: Affects Only Me CC: cperciva
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Kostik Belousov 2011-05-26 13:10:12 UTC 
 --B/AgRt1PX8m/BMcI
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Thu, May 26, 2011 at 08:32:08AM +0100, Chris Rees wrote:
 > I referenced a conversation earlier:
 How can you reference a private conversation in the public documentation ?
 
 Anyway, I was unable to make any sense of the referenced sentence,
 and I still cannot understand what the talk below is about.

 > On 22 May 2011 20:32, Chris Rees <utisoft@gmail.com> wrote:
 >=20
 > > From IRC (I don't want to attribute without permission):
 > >
 > > user in jail1 passes fd to directory to user in jail2
 > > if these are disjoint jails, the kernel will not know to restrict the
 > > process in jail2 to any jail base directory
 > > (the process in jail2 will fchdir(fd), chdir("../../../../.."))
 > > man 4 unix, /SCM_RIGHTS
 > > though this is only an issue if one of the untrusted users can write
 >=20
 >=20
 > Chris
 
 --B/AgRt1PX8m/BMcI
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (FreeBSD)
 
 iEYEARECAAYFAk3eQOMACgkQC3+MBN1Mb4hxUwCfUldycc/jQVY8A0DfAM3DhZY6
 T4EAn0KEqMFIqyzt3k1LF7cA/4A/D7k0
 =xiK9
 -----END PGP SIGNATURE-----
 
 --B/AgRt1PX8m/BMcI--
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2011-05-26 15:03:09 UTC 
State Changed
From-To: open->closed

Misfiled followup to docs/156853; content migrated.
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2011-05-26 15:03:09 UTC 
Responsible Changed
From-To: gnats-admin->freebsd-doc