| Summary: | document the fact that DUMP has access to block devices in a JAIL | | |
|---|---|---|---|
| Product: | Documentation | Reporter: | slave-mike <slave-mike> |
| Component: | Books & Articles | Assignee: | freebsd-doc (Nobody) <doc> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | | |
| Priority: | Normal | | |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |

Responsible Changed From-To: gnats-admin->freebsd-bugs
Reassign misfiled PR.

State Changed From-To: open->closed
This behaviour can be mitigated by use of devfs(8) to remove undesired devices from the jailed /dev. There also exists a facility in /etc/rc.d/devfs to impose devfs rules on boot, via /etc/devfs.conf. However, there is no manpage for devfs.conf, and I suspect that there does deserve to be one, so I am reassigning this as a doc-bug.

State Changed From-To: closed->open
I meant to reassign this to doc, and not close it.

Class Changed From-To: sw-bug->doc-bug
I meant to reassign this to doc, and not close it.

Responsible Changed From-To: freebsd-bugs->freebsd-doc
I meant to reassign this to doc, and not close it.

Just a slight correction, for the archives: devfs rules go in /etc/devfs.rules, not /etc/devfs.conf.

Colin Percival

State Changed From-To: open->suspended
Mark suspended awaiting patches.

State Changed From-To: suspended->closed
There is a devfs.conf manual page now.

A jailed root user can use DUMP and gain a snapshot of the entire disk. From there the jailed root user can restore files from the HOST SYSTEM or any other jails at their leisure. Even if DEVFS is not mounted, a root user could possibly create a device node anyways, and one needs TTYS anyways. Some sort of check is not occurring in the disk access code that is needed to prevent JAILED users ANY raw access to the disk.

Fix: Add security checks on device access to prevent jailed users from gaining access to things they don't need access to. If this is a setting which can be changed, the default behavior needs to be more security conscious, or at least very very very clearly documented.

How-To-Repeat: Run DUMP in a jailed environment.
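
The devfs(8) mitigation named in the audit trail, written out as an /etc/devfs.rules ruleset. This is an added example, not part of the original PR or of the FreeBSD defaults; the ruleset name `devfsrules_jail_nodisk` and the number 100 are constructed for illustration.

```conf
# /etc/devfs.rules
# Added example: ruleset name and number are constructed, not from the PR.
[devfsrules_jail_nodisk=100]

# Start from an empty /dev: hide every node devfs would otherwise expose.
add hide

# Basic nodes that ordinary userland inside a jail expects.
add path null unhide
add path zero unhide
add path random unhide
add path urandom unhide
add path log unhide

# Terminals and standard descriptors (the report notes a jail needs ttys).
add path ptmx unhide
add path pts unhide
add path 'pts/*' unhide
add path fd unhide
add path 'fd/*' unhide
add path stdin unhide
add path stdout unhide
add path stderr unhide

# No rule unhides a disk node, so dump(8) run inside the jail finds no
# raw disk device under the jail's /dev to read from.
```

Assign the ruleset to the jail with `devfs_ruleset = 100;` alongside `mount.devfs;` in jail.conf(5), then list /dev from inside the jail to confirm that no disk nodes are visible.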