Bug 193129 - [jail] exec.start with exec.system_user doesn't set gid
Status: Closed DUPLICATE of bug 195984
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-jail (Nobody)
Reported: 2014-08-29 18:25 UTC by Richard Russo
Modified: 2015-03-09 03:22 UTC
Description Richard Russo 2014-08-29 18:25:16 UTC
When starting a jail with /usr/sbin/jail -c, the start command is run with uid, effective uid and effective gid set properly, but real gid isn't set, so it's still zero from running jail as root.

In addition to any issues from retaining gid 0, this also has the effect that the process is considered setugid and tainted, so coredumps, signals, etc. are restricted.

/usr/sbin/jexec does properly set the gid.
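
A small diagnostic that could be run as the jail's exec.start command to check for the condition described above. This is an added example, not part of the original report or of FreeBSD's code; `struct creds`, `audit_creds` and `current_creds` are hypothetical names, and it assumes the effective ids are the ones the jail was asked to run as.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct creds { uid_t ruid, euid; gid_t rgid, egid; };

enum {
    CRED_OK       = 0,
    CRED_BAD_RUID = 1 << 0,   /* real uid is not the expected user */
    CRED_BAD_EUID = 1 << 1,   /* effective uid is not the expected user */
    CRED_BAD_RGID = 1 << 2,   /* the case in this report: real gid left at 0 */
    CRED_BAD_EGID = 1 << 3    /* effective gid is not the expected group */
};

/* Compare a credential set against the uid/gid the process should run as. */
int audit_creds(const struct creds *c, uid_t want_uid, gid_t want_gid)
{
    int flags = CRED_OK;
    if (c->ruid != want_uid) flags |= CRED_BAD_RUID;
    if (c->euid != want_uid) flags |= CRED_BAD_EUID;
    if (c->rgid != want_gid) flags |= CRED_BAD_RGID;
    if (c->egid != want_gid) flags |= CRED_BAD_EGID;
    return flags;
}

/* Snapshot the calling process's real and effective ids (POSIX calls). */
struct creds current_creds(void)
{
    struct creds c = { getuid(), geteuid(), getgid(), getegid() };
    return c;
}

int main(void)
{
    struct creds c = current_creds();
    /* Assumption: the effective ids are correct, so the real ids must match them. */
    int flags = audit_creds(&c, c.euid, c.egid);

    printf("ruid=%lu euid=%lu rgid=%lu egid=%lu flags=0x%x\n",
           (unsigned long)c.ruid, (unsigned long)c.euid,
           (unsigned long)c.rgid, (unsigned long)c.egid, (unsigned)flags);
#ifdef __FreeBSD__
    /* issetugid(2) returns 1 when the kernel considers the process tainted. */
    printf("issetugid=%d\n", issetugid());
#endif
    return flags != CRED_OK;   /* non-zero exit when real and effective ids differ */
}
```
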
Comment 1 Jamie Gritton freebsd_committer freebsd_triage 2015-03-09 03:22:04 UTC
Yes, this was filed first and technically 195984 is the duplicate. But I was aware of only 195984 when I fixed it.

*** This bug has been marked as a duplicate of bug 195984 ***