svn commit: r224475 - head/usr.sbin/jail
Benedict Reuschling
bcr at FreeBSD.org
Thu Jul 28 11:41:56 UTC 2011
Author: bcr (doc committer)
Date: Thu Jul 28 11:41:55 2011
New Revision: 224475
URL: http://svn.freebsd.org/changeset/base/224475
Log:
Add a section to the jail chapter that explains why it is not
recommended to allow root users in the jail to access the host system.
PR: docs/156853
Submitted by: crees
Patch by: crees
Approved by: re (kib) for BETA1
Modified:
head/usr.sbin/jail/jail.8
Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8 Thu Jul 28 10:16:30 2011 (r224474)
+++ head/usr.sbin/jail/jail.8 Thu Jul 28 11:41:55 2011 (r224475)
@@ -34,7 +34,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 23, 2011
+.Dd July 28, 2011
.Dt JAIL 8
.Os
.Sh NAME
@@ -914,3 +914,8 @@ directory that is moved out of the jail'
access to the file space outside of the jail.
It is recommended that directories always be copied, rather than moved, out
of a jail.
+.Pp
+It is also not recommended that users allowed root in the jail be allowed
+access to the host system.
+For example, a root user in a jail can create a setuid root utility that
+could be run in the host system to achieve elevated privileges.
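Review bot: The added paragraph after .Pp says "access to the host system" without stating which access makes the example work: the setuid root utility only matters when the person who is root in the jail can also run it from an unprivileged host account that reaches the jail's file space. Suggest saying that directly, for instance "users with root access in a jail should not also be given access to the host system", which also removes the awkward "allowed root in the jail be allowed". The paragraph names the risk but no countermeasure. A sentence on keeping the jail's directory tree unreachable by unprivileged host users would sit well next to the preceding advice about copying rather than moving directories. The log message describes a section in the jail chapter, while the change is a single paragraph in jail.8, so the two should be brought in line.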