From kostikbel@gmail.com  Thu May 26 00:53:53 2011
Return-Path: <kostikbel@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9A01F106566B
	for <bug-followup@freebsd.org>; Thu, 26 May 2011 00:53:53 +0000 (UTC)
	(envelope-from kostikbel@gmail.com)
Received: from mail.zoral.com.ua (mx0.zoral.com.ua [91.193.166.200])
	by mx1.freebsd.org (Postfix) with ESMTP id 0F9098FC0C
	for <bug-followup@freebsd.org>; Thu, 26 May 2011 00:53:52 +0000 (UTC)
Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua [10.1.1.148])
	by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id p4Q0IK1D045088
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 26 May 2011 03:18:20 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1])
	by deviant.kiev.zoral.com.ua (8.14.4/8.14.4) with ESMTP id p4Q0IKIC016134;
	Thu, 26 May 2011 03:18:20 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
Received: (from kostik@localhost)
	by deviant.kiev.zoral.com.ua (8.14.4/8.14.4/Submit) id p4Q0IHMr016133;
	Thu, 26 May 2011 03:18:17 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
Message-Id: <20110526001815.GD48734@deviant.kiev.zoral.com.ua>
Date: Thu, 26 May 2011 03:18:17 +0300
From: Kostik Belousov <kostikbel@gmail.com>
To: Chris Rees <utisoft@gmail.com>
Cc: Colin Percival <cperciva@freebsd.org>, bug-followup@freebsd.org,
        Benedict Reuschling <bcr@freebsd.org>,
        Jilles Tjoelker <jilles@stack.nl>
In-Reply-To: <BANLkTikMVLUKxs0TSjaGkSrh1YtHj81NZA@mail.gmail.com>
Subject: Re: Fwd: docs/156853: [patch] Update docs: jail(8) security issues with world-readable jail root
References: <4DD90459.3010200@FreeBSD.org> <20110522191752.GR48734@deviant.kiev.zoral.com.ua> <4DDB76E7.4020602@freebsd.org> <BANLkTikMVLUKxs0TSjaGkSrh1YtHj81NZA@mail.gmail.com>

>Number:         157328
>Category:       docs
>Synopsis:       Re: docs/156853: [patch] Update docs: jail(8) security issues with world-readable jail root
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 26 01:00:20 UTC 2011
>Closed-Date:    Thu May 26 14:05:46 UTC 2011
>Last-Modified:  Thu May 26 14:05:46 UTC 2011
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 
 On Wed, May 25, 2011 at 06:52:03PM +0100, Chris Rees wrote:
 > Thanks for the input from kib@, bcr@, jilles@ and cperciva@ there's a
 > new patch for each [1,2].
 >
 > Chris
 >
 > [1] http://www.bayofrum.net/~crees/patches/jail-secure-handbook_2.diff
 > [2] http://www.bayofrum.net/~crees/patches/jail-secure-manpage_2.diff
 
 Now you are referencing some unspecified "file descriptors" handling
 issues that are present for nullfs but not for NFS. What are they?
 
 Please do not mention me in any way if the patches happen to land
 in our repository.
 
 BTW, do we also put such verbose wording somewhere for the "security"
 issue of removing not writable / not owned files in the directory
 writable by some user?
 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Thu May 26 14:03:09 UTC 2011 
State-Changed-Why:  
Misfiled followup to docs/156853; content migrated. 


Responsible-Changed-From-To: gnats-admin->freebsd-doc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu May 26 14:03:09 UTC 2011 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=157328 
>Unformatted:
