Bug 204897 - [jail] Jail names cannot start with a '0', resulting in 'jail: name cannot be numeric (unless it is the jid)'
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 10.2-RELEASE
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Jamie Gritton
Keywords: patch
Reported: 2015-11-29 18:13 UTC by Sergey Zakharchenko
Modified: 2015-12-18 00:34 UTC

Attachments
Untested sample patch (413 bytes, patch)
2015-11-29 18:13 UTC, Sergey Zakharchenko
check for non-numeric or canonical jid (858 bytes, patch)
2015-12-10 19:19 UTC, Jamie Gritton

Description Sergey Zakharchenko 2015-11-29 18:13:10 UTC
Created attachment 163656
Untested sample patch

If, for example, the following command starts a jail:

# jail -n someday ...

and so does the following command:

# jail -n 1day ...

this one doesn't:

# jail -n 0day /var/empty empty 10.0.0.1 /bin/sh
jail: name cannot be numeric (unless it is the jid)

Apart from people making up stupid names for jails, this affects anyone trying to run Docker on FreeBSD. The behavior is due to a bug in sys/kern/kern_jail.c's detection of numeric JIDs, which dates back to 2009:

https://svnweb.freebsd.org/base/head/sys/kern/kern_jail.c?revision=285685&view=markup

> else if (*namelc == '0' || (strtoul(namelc, &p, 10) != jid && *p == '\0')))

It thinks everything that starts with a '0' is numeric, and doesn't check that it's the only character, e.g. namelc[1] == '\0'. Untested sample patch is attached.
Comment 1 Jamie Gritton freebsd_committer 2015-12-10 19:19:30 UTC
Created attachment 164084
check for non-numeric or canonical jid

I'm trying to remember a few years back, but I think the reason I checked for namelc[0] == '0' is to weed out leading zeroes (since the "!= jid" test will already catch a name of "0").  That was clearly not done right.

This patch will allow any name that's not fully numeric, such as your "0day" example, also the jid in normal form (no leading zero, space, '+'), but no other fully numeric names.  I'll submit it shortly unless anyone sees some problem.
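
The two checks discussed above, side by side, as an added example (not the attached patch and not the committed change): old_rejects is the condition quoted in the description, new_rejects is one way to implement the behaviour described in comment 1. Both helper names, the jid of 5 and the sample names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Condition quoted in the description; 1 means "rejected as numeric". */
static int old_rejects(const char *namelc, unsigned long jid)
{
	char *p;

	return (*namelc == '0' ||
	    (strtoul(namelc, &p, 10) != jid && *p == '\0'));
}

/*
 * Hypothetical helper implementing the behaviour described in comment 1:
 * reject a fully numeric name unless it is the jid written canonically.
 */
static int new_rejects(const char *namelc, unsigned long jid)
{
	char *p;
	unsigned long n = strtoul(namelc, &p, 10);

	/* No digits consumed, or trailing text: not a numeric name. */
	if (p == namelc || *p != '\0')
		return (0);
	/* strtoul() skips leading space, '+' and zeroes, so also test byte 0. */
	return (n != jid || namelc[0] < '1' || namelc[0] > '9');
}

int main(void)
{
	/* Constructed sample names, checked against an assumed jid of 5. */
	static const char *names[] = { "someday", "1day", "0day", "0",
	    "05", " 5", "+5", "5", "7" };
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("\"%s\" old=%s new=%s\n", names[i],
		    old_rejects(names[i], 5) ? "reject" : "accept",
		    new_rejects(names[i], 5) ? "reject" : "accept");
	return (0);
}
```

With a jid of 5, the old condition rejects "0day" but lets " 5" and "+5" through as aliases of the jid; the second helper accepts "0day" and rejects every numeric spelling except "5".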
Comment 2 commit-hook freebsd_committer 2015-12-15 17:25:18 UTC
A commit references this bug:

Author: jamie
Date: Tue Dec 15 17:25:00 UTC 2015
New revision: 292277
URL: https://svnweb.freebsd.org/changeset/base/292277

Log:
  Fix jail name checking that disallowed anything that starts with '0'.
  The intention was to just limit leading zeroes on numeric names.  That
  check is now improved to also catch the leading spaces and '+' that
  strtoul can pass through.

  PR:		204897
  MFC after:	3 days

Changes:
  head/sys/kern/kern_jail.c
Comment 3 commit-hook freebsd_committer 2015-12-18 00:33:51 UTC
A commit references this bug:

Author: jamie
Date: Fri Dec 18 00:33:03 UTC 2015
New revision: 292415
URL: https://svnweb.freebsd.org/changeset/base/292415

Log:
  MFC r292277:

    Fix jail name checking that disallowed anything that starts with '0'.
    The intention was to just limit leading zeroes on numeric names.  That
    check is now improved to also catch the leading spaces and '+' that
    strtoul can pass through.

  PR:		204897

Changes:
_U  stable/9/sys/
  stable/9/sys/kern/kern_jail.c
Comment 4 commit-hook freebsd_committer 2015-12-18 00:33:53 UTC
A commit references this bug:

Author: jamie
Date: Fri Dec 18 00:33:04 UTC 2015
New revision: 292416
URL: https://svnweb.freebsd.org/changeset/base/292416

Log:
  MFC r292277:

    Fix jail name checking that disallowed anything that starts with '0'.
    The intention was to just limit leading zeroes on numeric names.  That
    check is now improved to also catch the leading spaces and '+' that
    strtoul can pass through.

  PR:		204897

Changes:
_U  stable/10/
  stable/10/sys/kern/kern_jail.c