From eikemeier@fillmore-labs.com  Sat Sep 13 05:50:51 2003
Return-Path: <eikemeier@fillmore-labs.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3340216A4BF
	for <FreeBSD-gnats-submit@FreeBSD.org>; Sat, 13 Sep 2003 05:50:51 -0700 (PDT)
Received: from mx2.fillmore-labs.com (lima.fillmore-labs.com [62.138.193.83])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5124F43F85
	for <FreeBSD-gnats-submit@FreeBSD.org>; Sat, 13 Sep 2003 05:50:49 -0700 (PDT)
	(envelope-from eikemeier@fillmore-labs.com)
Received: from p5080bc91.dip.t-dialin.net
	([80.128.188.145] helo=fillmore-labs.com ident=vkg20v5nnmn6fph4)
	by mx2.fillmore-labs.com with asmtp (TLSv1:AES256-SHA:256)
	(Exim 4.22)
	id 19y9rT-0008SM-QG
	for FreeBSD-gnats-submit@FreeBSD.org; Sat, 13 Sep 2003 14:50:48 +0200
Message-Id: <3F63129A.5010209@fillmore-labs.com>
Date: Sat, 13 Sep 2003 14:50:34 +0200
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: [PATCH] rc.subr: jail devfs handling broken

>Number:         56748
>Category:       bin
>Synopsis:       [PATCH] rc.subr: jail devfs handling broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    cperciva
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 13 06:00:29 PDT 2003
>Closed-Date:    Sun Feb 15 02:11:25 PST 2004
>Last-Modified:  Sun Feb 15 02:11:25 PST 2004
>Originator:     Oliver Eikemeier
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
Fillmore Labs - http://www.fillmore-labs.com
>Environment:
System: FreeBSD nuuk.fillmore-labs.com 5.1-CURRENT

>Description:

When you start a jail on 5-CURRENT with

jail_enable="YES"
jail_list="myjail"
jail_myjail_rootdir="/home/myjail"
... in /etc/rc.conf

/dev/console of the base system is clobbered

Moreover, the rules for the devfs mounted in the jail
are set, but not applied, which gives the jail
access to too many devices and is a security breach.

There is another bug this patch doesn't fix:

devfs_link doesn't seem to work for the console device.

>How-To-Repeat:
>Fix:

--- rc.subr.patch begins here ---
--- src/etc/rc.subr.orig	Fri Aug 22 11:55:52 2003
+++ src/etc/rc.subr	Sat Sep 13 14:17:34 2003
@@ -1039,7 +1039,7 @@
 }
 
 # devfs_link dir src link
-#	Make a symbolic link 'link' to src in chroot/dev.
+#	Make a symbolic link 'link' to src in dir.
 #	Returns 0 on sucess.
 #
 devfs_link()
@@ -1058,7 +1058,7 @@
 		warn "$_me: the directory ($dir) does not exist"
 		return 1
 	fi
-	cd ${chroot}/dev
+	cd ${dir}
 	if ! ln -sf $src $link ; then
 		warn "$_me: unable to link $link --> $src in $dir"
 		return 1
@@ -1230,6 +1230,7 @@
 	if [ -n "$rs" ]; then
 		devfs_init_rulesets
 		devfs_set_ruleset $rs $devdir
+		devfs_apply_ruleset $rs $devdir
 	fi
 	return 0
 }
--- rc.subr.patch ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->cperciva 
Responsible-Changed-By: cperciva 
Responsible-Changed-When: Wed Feb 11 14:23:37 PST 2004 
Responsible-Changed-Why:  
I'll take this one. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56748 
State-Changed-From-To: open->closed 
State-Changed-By: cperciva 
State-Changed-When: Sun Feb 15 02:10:05 PST 2004 
State-Changed-Why:  
mtm fixed this in -current two months ago. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=56748 
>Unformatted:
