https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215250
Jamie Gritton <ja...@freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ja...@freebsd.org
Resolution|--- |Works As Intended
Status|New |Closed
--- Comment #2 from Jamie Gritton <ja...@freebsd.org> ---
Yes, it's expected behavior. It's not so much a "break" as being pulled out of
the jail by an administrator with proper permission who presumably knows what
he's doing.
Preventing an assisted break like this would be doable, but would involve
either tracing all .. traversals back to at least a prison root, or attaching a
prison reference to every directory in the vnode cache. Both of those seem to
be a bit of overkill.
I have to admin I've done the very thing in the example: temporarily moving
/usr/ports to a jail. Lately I've gone with nullfs instead, which doesn't open
this hole.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
