Created attachment 163656
Untested sample patch

If, for example, the following command starts a jail:

    # jail -n someday ...

and so does the following command:

    # jail -n 1day ...

this one doesn't:

    # jail -n 0day /var/empty empty 10.0.0.1 /bin/sh
    jail: name cannot be numeric (unless it is the jid)

Apart from people making up stupid names for jails, this affects anyone trying to run Docker on FreeBSD.

The behavior is due to a bug in sys/kern/kern_jail.c's detection of numeric JIDs, which dates back to 2009:

https://svnweb.freebsd.org/base/head/sys/kern/kern_jail.c?revision=285685&view=markup

> else if (*namelc == '0' || (strtoul(namelc, &p, 10) != jid && *p == '\0')))

It thinks everything that starts with a '0' is numeric, and doesn't check that it's the only character, e.g. namelc[1] == '\0'.

Untested sample patch is attached.

Created attachment 164084
check for non-numeric or canonical jid

I'm trying to remember a few years back, but I think the reason I checked for namelc[0] == '0' is to weed out leading zeroes (since the "!= jid" test will already catch a name of "0"). That was clearly not done right.

This patch will allow any name that's not fully numeric, such as your "0day" example, also the jid in normal form (no leading zero, space, '+'), but no other fully numeric names. I'll submit it shortly unless anyone sees some problem.

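An added example (not the committed kernel code and not either attached patch): a userland C model that puts the check quoted in the report next to the rule described in the comment above. The function names, the sample names and the jid value 5 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Check quoted in the report; returns 1 when the name is refused. */
static int
old_rejects(const char *namelc, unsigned long jid)
{
	char *p;

	return (*namelc == '0' ||
	    (strtoul(namelc, &p, 10) != jid && *p == '\0'));
}

/*
 * Rule described in the thread (hypothetical helper, assumes a non-empty
 * name): refuse a name that strtoul() consumes entirely unless it is the
 * jid written in normal form, i.e. starting with a digit 1-9.
 */
static int
new_rejects(const char *namelc, unsigned long jid)
{
	char *p;
	unsigned long v = strtoul(namelc, &p, 10);

	if (*p != '\0')
		return (0);	/* not fully numeric, e.g. "0day" */
	return (v != jid || namelc[0] < '1' || namelc[0] > '9');
}

int
main(void)
{
	/* Constructed sample names; jid 5 is an arbitrary example value. */
	const char *names[] = { "someday", "1day", "0day", "5", "7",
	    "05", " 5", "+5" };
	const unsigned long jid = 5;
	size_t i;

	printf("%-10s %-4s %-4s\n", "name", "old", "new");
	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("%-10s %-4s %-4s\n", names[i],
		    old_rejects(names[i], jid) ? "deny" : "ok",
		    new_rejects(names[i], jid) ? "deny" : "ok");
	return (0);
}
```

With jid 5, the old check refuses "0day" but lets " 5" and "+5" through because strtoul() skips leading whitespace and a plus sign; the described rule reverses all three outcomes.
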
A commit references this bug:

Author: jamie
Date: Tue Dec 15 17:25:00 UTC 2015
New revision: 292277
URL: https://svnweb.freebsd.org/changeset/base/292277

Log:
  Fix jail name checking that disallowed anything that starts with '0'.
  The intention was to just limit leading zeroes on numeric names. That
  check is now improved to also catch the leading spaces and '+' that
  strtoul can pass through.

  PR: 204897
  MFC after: 3 days

Changes:
  head/sys/kern/kern_jail.c

A commit references this bug:

Author: jamie
Date: Fri Dec 18 00:33:03 UTC 2015
New revision: 292415
URL: https://svnweb.freebsd.org/changeset/base/292415

Log:
  MFC r292277:

  Fix jail name checking that disallowed anything that starts with '0'.
  The intention was to just limit leading zeroes on numeric names. That
  check is now improved to also catch the leading spaces and '+' that
  strtoul can pass through.

  PR: 204897

Changes:
  _U stable/9/sys/
  stable/9/sys/kern/kern_jail.c

A commit references this bug:

Author: jamie
Date: Fri Dec 18 00:33:04 UTC 2015
New revision: 292416
URL: https://svnweb.freebsd.org/changeset/base/292416

Log:
  MFC r292277:

  Fix jail name checking that disallowed anything that starts with '0'.
  The intention was to just limit leading zeroes on numeric names. That
  check is now improved to also catch the leading spaces and '+' that
  strtoul can pass through.

  PR: 204897

Changes:
  _U stable/10/
  stable/10/sys/kern/kern_jail.c