Jilles Tjoelker wrote:
On Thu, May 14, 2009 at 11:12:50AM -0600, Jamie Gritton wrote:
There's still a change to offer your input on the new jails before they
go in!  OK, given the lack of response so far, it's less "still a
chance" than "please?".  Current plans are to have this in place for
8.0, with connections to the ongoing Vimage work.  Hopefully the silence
is approval, and commits will likely be appearing soon.


I have not tried this, but I think this patch may allow jailed roots to
escape. The problem is that there is only one fd_jdir. The escape would
go like: jailed root creates a new jail in a subdirectory, opens its /
and sends the fd to a process in the new jail via a unix domain socket.
When the process calls fchdir on the fd, it will be able to access ..
normally.

With nested chroot, or chroot in jail, this is not possible, because
fd_jdir always contains the first jail or chroot done and will not allow
escaping from it; however, root in a level 2 chroot can escape back to
level 1 using chroot.


Indeed - considering how that was a major design point of jails, I'm not
sure how I missed it.  ".." processing will need to run up the jail
tree.  No big deal on performance and easily done, but embarrassing not
have had that in place already.
_______________________________________________
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to 
"freebsd-virtualization-unsubscr...@freebsd.org"

Reply via email to