svn commit: r224463 - stable/7/usr.sbin/jail
Glen Barber
gjb at FreeBSD.org
Wed Jul 27 01:57:25 UTC 2011
Author: gjb (doc committer)
Date: Wed Jul 27 01:57:24 2011
New Revision: 224463
URL: http://svn.freebsd.org/changeset/base/224463
Log:
MFC 224286:
Document the potential for jail escape.
PR: 142341
Modified:
stable/7/usr.sbin/jail/jail.8
Directory Properties:
stable/7/usr.sbin/jail/ (props changed)
Modified: stable/7/usr.sbin/jail/jail.8
==============================================================================
--- stable/7/usr.sbin/jail/jail.8 Wed Jul 27 01:56:52 2011 (r224462)
+++ stable/7/usr.sbin/jail/jail.8 Wed Jul 27 01:57:24 2011 (r224463)
@@ -33,7 +33,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd January 17, 2010
+.Dd July 23, 2011
.Dt JAIL 8
.Os
.Sh NAME
@@ -708,3 +708,10 @@ Currently, the simplest answer is to min
offered on the host, possibly limiting it to services offered from
.Xr inetd 8
which is easily configurable.
+.Sh NOTES
+Great care should be taken when managing directories visible within the jail.
+For example, if a jailed process has its current working directory set to a
+directory that is moved out of the jail's chroot, then the process may gain
+access to the file space outside of the jail.
+It is recommended that directories always be copied, rather than moved, out
+of a jail.
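Review bot: The paragraph added under `.Sh NOTES` never says who performs the move, so it is unclear that the advice "directories always be copied, rather than moved, out of a jail" is addressed to the administrator working on the host. Say so explicitly. "For example" also implies the working-directory case is one of several, but no general condition is given. Either state the general rule or drop "For example" so the text reads as the one documented case. Since the commit log calls this "the potential for jail escape", a reader scanning for security guidance may overlook a generic NOTES heading at the end of the page. Consider a heading that names the risk, and an `.Xr chroot 2` reference next to "the jail's chroot" so the term is anchored.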