Bug 21769

Summary: jail problem
Product: Base System Reporter: Kalou <pb>
Component: kernAssignee: Robert Watson <rwatson>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Kalou 2000-10-05 16:20:01 UTC 
	A jailed superuser is able to unmount a directory, provided the
        fact that this directory is under his jail root directory.

	The problem lies in the way uid is checked. Where user.creds are
        compared to object.creds, if uid == 0, the suser()-in-jail-like 
        behaviour is not true anymore. This may be true for other protection 
        checks (ipc, nicing of processes, what else.. ?)

How-To-Repeat: 
	I'm so sorry i don't have an example right there. Just email
        me back for the C source I tested this with.
Comment 1 Robert Watson freebsd_committer freebsd_triage 2000-10-05 16:36:58 UTC 
Responsible Changed
From-To: freebsd-bugs->rwatson

I'm chasing these bugs.
Comment 2 Robert Watson freebsd_committer freebsd_triage 2001-11-26 19:11:15 UTC 
State Changed
From-To: open->closed

Committed to -CURRENT as part of vfs_syscalls.c:1.207