From nobody@FreeBSD.org  Sat Feb 10 06:44:29 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 7353516A402
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 10 Feb 2007 06:44:29 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 648EA13C4A5
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 10 Feb 2007 06:44:29 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l1A6iTuu022221
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 10 Feb 2007 06:44:29 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l1A6iT3H022220;
	Sat, 10 Feb 2007 06:44:29 GMT
	(envelope-from nobody)
Message-Id: <200702100644.l1A6iT3H022220@www.freebsd.org>
Date: Sat, 10 Feb 2007 06:44:29 GMT
From: Chris Haulmark<chris@sigd.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] add summary of kern/48198 to jexec manpage
X-Send-Pr-Version: www-3.0

>Number:         109008
>Category:       docs
>Synopsis:       [patch] add summary of kern/48198 to jexec(8)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    csjp
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 10 06:50:14 GMT 2007
>Closed-Date:    
>Last-Modified:  Sat Feb 10 18:19:20 GMT 2007
>Originator:     Chris Haulmark
>Release:        6.2-stable
>Organization:
>Environment:
>Description:

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- jexec.8	Thu Jun  8 12:29:05 2006
+++ jexec.8-edited	Sat Feb 10 00:32:35 2007
@@ -53,6 +53,23 @@
 The user name from jailed environment as whom the
 .Ar command
 should run.
+.Sh DESIGN NOTES
+Administrator have to be aware that non-jailed users
+can kill processes owned by the same UID that are
+running in jail environments.  It is suggested that
+the administrators do not create user accounts outside
+the jail enviornments with the same UIDs as the accounts
+inside the jail.  Exactly same problem exists with file
+system objects and this can't be sloved in this way,
+because no information about jail exists in file's inode
+and users outside of jail are not chrooted.
+
+If administrator is running virtual servers with jail and
+with regular users inside those virtual servers, it is
+recommended that there should be no users accounts on this
+machine outside the jail environments.
+
+This above is an expected behavior.
 .Sh SEE ALSO
 .Xr jail_attach 2 ,
 .Xr jail 8 ,
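Review bot: the text added under `.Sh DESIGN NOTES` needs a wording pass before it can go into the manual page. It contains several spelling and grammar errors: "Administrator have", "enviornments", "Exactly same problem", "sloved", "users accounts". The closing line "This above is an expected behavior." has no clear referent, so it should state which behavior is expected, namely that a non-jailed user can signal jailed processes and reach file system objects owned by the same UID. The two empty `+` lines between paragraphs should be `.Pp` macros, since blank lines are not the mdoc way to break paragraphs, and each sentence should start on its own source line rather than follow a double space. `DESIGN NOTES` is also not a conventional mdoc section name. Because this is a warning to administrators about UID overlap between host and jail, a section such as CAVEATS or SECURITY CONSIDERATIONS would be easier for readers to find. Finally, the first paragraph says the file system case "can't be sloved in this way", while the second recommends having no user accounts outside the jails. It would help to say explicitly that the second recommendation is the mitigation for the file system case.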

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-doc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Feb 10 08:34:31 UTC 2007 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=109008 
Responsible-Changed-From-To: freebsd-doc->csjp 
Responsible-Changed-By: csjp 
Responsible-Changed-When: Sat Feb 10 18:18:03 UTC 2007 
Responsible-Changed-Why:  
I will take ownership of this PR.  At first glance this looks a 
bit problematic.  I am going to be doing a bit of digging on the 
subject. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=109008 
>Unformatted:
