https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288104
--- Comment #2 from [email protected] ---
Also, the usual defence of a directory with 0700 permissions as parent of the jail root directory to prevent an unprivileged user from entering the jail file system can't be used if jails are supposed to communicate via Unix sockets bound to shared directories. Mounting the nullfs with nosetuid offers no protection because the passed setuid binary can be from any filesystem the jail has write access to that isn't mounted with nosetuid. Checking the setuid bit when passing the file descriptor(s) is also not good enough because the setuid flag could be added to the file after the descriptor has been externalized.
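The last point of the comment above, as an added example (not code from the bug report or from FreeBSD): the file mode belongs to the inode, so a descriptor received via SCM_RIGHTS reflects a chmod made after any check at pass time. The function names and the scratch file under /tmp are assumptions of this sketch, and both ends of the socket run in one process for brevity.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pass fd across the socketpair as SCM_RIGHTS; return the receiver's copy. */
static int pass_fd(int sv[2], int fd) {
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    char byte = 0;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg;
    memset(&u, 0, sizeof u); memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    if (sendmsg(sv[0], &msg, 0) != 1) return -1;
    msg.msg_controllen = sizeof u.buf;           /* reuse the buffer to receive */
    if (recvmsg(sv[1], &msg, 0) != 1) return -1;
    c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* 1: setuid absent at pass time but visible on the received copy; -1: error. */
int setuid_appears_after_pass(void) {
    char path[] = "/tmp/fdpass-demo-XXXXXX";     /* constructed scratch file */
    int sv[2], fd = mkstemp(path), got, result = -1;
    struct stat at_pass, later;
    if (fd < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0) {
        fstat(fd, &at_pass);                     /* the check "when passing" */
        if ((got = pass_fd(sv, fd)) >= 0) {
            fchmod(fd, 04755);                   /* sender sets the bit afterwards */
            fstat(got, &later);                  /* receiver sees the same inode */
            result = !(at_pass.st_mode & S_ISUID) && (later.st_mode & S_ISUID) != 0;
            close(got);
        }
        close(sv[0]); close(sv[1]);
    }
    unlink(path); close(fd);
    return result;
}

int main(void) { return setuid_appears_after_pass() == 1 ? 0 : 1; }
```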
