"Poul-Henning Kamp" <p...@phk.freebsd.dk> writes: > "Dag-Erling Smørgrav" <d...@des.no> writes: > >Jason Hellenthal <jh...@dataix.net> writes: > > > Do you know if there is a way that chmod on / from within the jail could > > > be prevented easily without breaking something ? Maybe not failing but > > > falling though and return 0 for any operation with the sole argument of /. > > Not without adding explicit checks in the kernel. > I identified this issue back when I implemented jails and though long > and hard about adding a kernel hack to paste over this. [...] I > think we should stick to [Getty's rule] before adding more or less > random pieces of magic to the kernel.
I vote no as well, but for a different reason: there are many other things the jailed root can do to the root directory, including flags, extended attributes, etc. (some of which are fs-dependent), and it would be difficult or impossible to identify all of them, not to mention those that aren't yet possible but will be in the future. Fixing just one (or two, or five) of them today might give users a false sense of security, which is inexcusable when we can give a *true* sense of security by telling them to "chmod 0700 $D/..". DES -- Dag-Erling Smørgrav - d...@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
