mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-23 16:01:42 +00:00
Warn about filesystem-based attacks.
This commit is contained in:
parent
5695afded4
commit
6cbae38f63
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=240563
@ -25,7 +25,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd May 23, 2012
|
||||
.Dd September 15, 2012
|
||||
.Dt JAIL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -1225,3 +1225,11 @@ directory that is moved out of the jail's chroot, then the process may gain
|
||||
access to the file space outside of the jail.
|
||||
It is recommended that directories always be copied, rather than moved, out
|
||||
of a jail.
|
||||
.Pp
|
||||
In addition, there are several ways in which an unprivileged user
|
||||
outside the jail can cooperate with a privileged user inside the jail
|
||||
and thereby obtain elevated privileges in the host environment.
|
||||
Most of these attacks can be mitigated by ensuring that the jail root
|
||||
is not accessible to unprivileged users in the host environment.
|
||||
Regardless, as a general rule, untrusted users with privileged access
|
||||
to a jail should not be given access to the host environment.
|
||||
|
Loading…
Reference in New Issue
Block a user