Document the potential for jail escape.
Submitted by: Vedad KAJTAZ (vedad % kajtaz net) PR: 142341 Reviewed by: bz, rwatson Rewording by: rwatson Approved by: re (kensmith) MFC after: 3 days
This commit is contained in:
Glen Barber
parent
5d5140280b
commit
1f897ce116
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=224286
@ -34,7 +34,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd January 17, 2010
|
||||
.Dd July 23, 2011
|
||||
.Dt JAIL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -907,3 +907,10 @@ Currently, the simplest answer is to minimize services
|
||||
offered on the host, possibly limiting it to services offered from
|
||||
.Xr inetd 8
|
||||
which is easily configurable.
|
||||
.Sh NOTES
|
||||
Great care should be taken when managing directories visible within the jail.
|
||||
For example, if a jailed process has its current working directory set to a
|
||||
directory that is moved out of the jail's chroot, then the process may gain
|
||||
access to the file space outside of the jail.
|
||||
It is recommended that directories always be copied, rather than moved, out
|
||||
of a jail.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user