mirror of https://git.FreeBSD.org/src.git synced 2025-01-23 16:01:42 +00:00

Warn about filesystem-based attacks.

Dag-Erling Smørgrav 2012-09-16 15:22:15 +00:00
parent 5695afded4
commit 6cbae38f63
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=240563

@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd May 23, 2012
.Dd September 15, 2012
.Dt JAIL 8
.Os
.Sh NAME
@ -1225,3 +1225,11 @@ directory that is moved out of the jail's chroot, then the process may gain
access to the file space outside of the jail.
It is recommended that directories always be copied, rather than moved, out
of a jail.
.Pp
In addition, there are several ways in which an unprivileged user
outside the jail can cooperate with a privileged user inside the jail
and thereby obtain elevated privileges in the host environment.
Most of these attacks can be mitigated by ensuring that the jail root
is not accessible to unprivileged users in the host environment.
Regardless, as a general rule, untrusted users with privileged access
to a jail should not be given access to the host environment.
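Review bot: the added paragraph at the end of this hunk says "Most of these attacks can be mitigated by ensuring that the jail root is not accessible to unprivileged users in the host environment" but gives the administrator no concrete step to take. Suggest adding a sentence that names the measure, for example keeping the jail root beneath a directory that only root can traverse, so the recommendation is actionable from the man page alone. "Several ways" and "most of these attacks" also leave the reader unable to tell which cases the mitigation does not cover; either say which cases remain or state that the final sentence (no host access for untrusted users with privileged jail access) is the rule that covers them.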