On 4 Feb 2014, at 10:05, Ivan Voras <ivo...@freebsd.org> wrote: > On 31 January 2014 18:28, James Gritton <ja...@freebsd.org> wrote: >> On 1/31/2014 5:34 AM, Robert Watson wrote: > >>> Frankly, I'd like to see this backed out and not reintroduced. If it must >>> be retained, then it needs a much more clear warning that enabling this >>> feature disables Jail's security model. Don't use the word 'obviate', >>> instead explicitly state that root within the jail can escape the jail. >> >> I'll do at least the next-best thing: back it out and hope to re-introduce >> it. Clearly it could use some further discussion. > > How about outputting both a kernel (i.e. logged) and userland messages > when the jail is created (or the parameter is changed, if it can?) > which say something like "DANGER! The root within this jail (jid=%d) > can escape the jail" or something like it? That seems reasonably loud.
At the very least, we need a more clear structuring and presentation of "insecure" options in the jail man page. E.g., a dedicated section for options that may have serious security consequences and a nice introduction to the section contextualising those concerns. Robert _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
