https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295052
Bug ID: 295052
Summary: The jail(8) command leaks potentially sensitive file
descriptors to exec.* hooks.
Product: Base System
Version: 15.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: conf
Assignee: [email protected]
Reporter: [email protected]

The jail(8) command does not close configuration files after parsing them.
These configuration files can contain secrets for multiple jails, e.g. API
tokens.

The file descriptors behind the FILE handles are left open after parse_config()
is done parsing the configuration. These file descriptors are later inherited
by all child processes jail(8) forks, e.g. the exec.* hooks. Some of these hooks
run inside individual jails (exec.start, exec.stop) and should **NOT** be
considered trusted by the host or other jails. As such, this is an information
leak across trust boundaries.
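
The inheritance described in the report can be reproduced and checked with a small stand-alone program. This is an added example, not code from jail(8) or from the reporter; the function name hook_inherits_config, the sample config text and the temporary file path are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample config; the token is a made-up placeholder. */
static const char SAMPLE_CONF[] =
    "demo { exec.start = \"/bin/sh /etc/rc\"; }\n"
    "# api_token = EXAMPLE-NOT-A-REAL-TOKEN\n";

/*
 * Parse a config, then fork a child standing in for an exec.* hook.
 * close_after_parse: 0 models the reported behaviour, 1 the fix. Returns
 * 1 if the child read the config via the inherited fd, 0 if not, -1 on error.
 */
int hook_inherits_config(int close_after_parse)
{
    char path[] = "/tmp/jailconf-demo.XXXXXX", line[256];
    int fd, status, tmpfd = mkstemp(path);
    FILE *out, *cf;
    if (tmpfd < 0 || (out = fdopen(tmpfd, "w")) == NULL)
        return -1;
    fputs(SAMPLE_CONF, out);
    fclose(out);
    cf = fopen(path, "r");              /* the parser's FILE handle */
    unlink(path);
    if (cf == NULL)
        return -1;
    fd = fileno(cf);
    while (fgets(line, sizeof line, cf) != NULL)
        ;                               /* stand-in for real parsing */
    if (close_after_parse)
        fclose(cf);                     /* fix: release the descriptor */
    pid_t pid = fork();
    if (pid == 0) {                     /* child: the hook's side */
        char buf[sizeof SAMPLE_CONF] = "";
        ssize_t n = pread(fd, buf, sizeof buf - 1, 0);
        _exit(n > 0 && strcmp(buf, SAMPLE_CONF) == 0);
    }
    if (!close_after_parse)
        fclose(cf);                     /* demo cleanup, parent only */
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return !(hook_inherits_config(0) == 1 && hook_inherits_config(1) == 0); }
```

The child still reads the full config after the parser has reached end of file and the path has been unlinked, because the descriptor alone is enough; closing the handle before forking is what removes access.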