freebsd-dev

History

Christian S.J. Peron 60088fb7b1 Currently, if the secure level is low enough, system flags can be manipulated by prison root. In 4.x prison root can not manipulate system flags, regardless of the security level. This behavior should remain consistent to avoid any surprises which could lead to security problems for system administrators which give out privileged access to jails. This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL to 0. This will prevent prison root from being able to manipulate system flags on files. This may be a MFC candidate for RELENG_5. Discussed with: cperciva Reviewed by: rwatson Approved by: bmilekic (mentor) PR: kern/70298	2004-08-22 02:03:41 +00:00
..
ffs	Generalize the UFS bad magic value used to determine when a filesystem	2004-08-19 11:09:13 +00:00
ufs	Currently, if the secure level is low enough, system flags can	2004-08-22 02:03:41 +00:00

Christian S.J. Peron 60088fb7b1 Currently, if the secure level is low enough, system flags can

be manipulated by prison root. In 4.x prison root can not manipulate
system flags, regardless of the security level. This behavior
should remain consistent to avoid any surprises which could lead
to security problems for system administrators which give out
privileged access to jails.

This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
to 0. This will prevent prison root from being able to manipulate
system flags on files.

This may be a MFC candidate for RELENG_5.

Discussed with:	cperciva
Reviewed by:	rwatson
Approved by:	bmilekic (mentor)
PR:		kern/70298

2004-08-22 02:03:41 +00:00

ffs

Generalize the UFS bad magic value used to determine when a filesystem

2004-08-19 11:09:13 +00:00

ufs

Currently, if the secure level is low enough, system flags can

2004-08-22 02:03:41 +00:00