From slave-mike@rv1.dynip.com  Mon Aug 11 19:57:27 2003
Message-Id: <3F385790.7000403@rv1.dynip.com>
Date: Mon, 11 Aug 2003 22:57:20 -0400
From: slave-mike <slave-mike@rv1.dynip.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: DUMP has access to block devices in a JAIL

>Number:         55482
>Category:       docs
>Synopsis:       document the fact that DUMP has access to block devices in a JAIL
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 11 20:00:30 PDT 2003
>Closed-Date:    Mon Feb 19 13:01:29 GMT 2007
>Last-Modified:  Mon Feb 19 13:01:29 GMT 2007
>Originator:     slave-mike
>Release:        FreeBSD 5.1-RELEASE i386
>Organization:
>Environment:
 System: FreeBSD eadmin.dyns.net 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Mon Aug 11 15:53:58 EDT 2003 
 sysadmin@eadmin.dyns.net:/usr/src/sys/i386/compile/kernel.build.conf i386
 
 
>Description:
 
          A jailed root user can use DUMP and gain a snapshot of the entire disk.
          From there the jailed root user can restore files from the HOST SYSTEM
          or any other jails at their leisure.
 
          Even if DEVFS is not mounted, a root user could possibly create a
          device node anyways, and one needs TTYS anyways.
 
          Some sort of check is not occurring in the disk access code that
          is needed to prevent JAILED users ANY raw access to the disk.
 
>How-To-Repeat:

          Run DUMP in a jailed environment.
 
>Fix:

          Add security checks on device access to prevent jailed users
          from gaining access to things they don't need access to.
 
          If this is a setting which can be changed, the default behavior
          needs to be more security conscious, or at least very very very
          clearly documented.
 
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Tue Aug 12 11:51:09 PDT 2003 
Responsible-Changed-Why:  
Reassign misfiled PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=55482 
State-Changed-From-To: open->closed 
State-Changed-By: ceri 
State-Changed-When: Tue Aug 12 11:56:19 PDT 2003 
State-Changed-Why:  
This behaviour can be mitigated by use of devfs(8) to remove undesired 
devices from the jailed /dev.  There also exists a facility in /etc/rc.d/devfs 
to impose devfs rules on boot, via /etc/devfs.conf. 

However, there is no manpage for devfs.conf, and I suspect that there does 
deserve to be one, so I am reassigning this as a doc-bug. 

State-Changed-From-To: closed->open 
State-Changed-By: ceri 
State-Changed-When: Tue Aug 12 11:59:07 PDT 2003 
State-Changed-Why:  
I meant to reassign this to doc, and not close it. 


Class-Changed-From-To: sw-bug->doc-bug 
Class-Changed-By: ceri 
Class-Changed-When: Tue Aug 12 11:59:07 PDT 2003 
Class-Changed-Why:  
I meant to reassign this to doc, and not close it. 


Responsible-Changed-From-To: freebsd-bugs->freebsd-doc 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Tue Aug 12 11:59:07 PDT 2003 
Responsible-Changed-Why:  
I meant to reassign this to doc, and not close it. 


From: Colin Percival <colin.percival@wadham.ox.ac.uk>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: docs/55482: DUMP has access to block devices in a JAIL
Date: Sat, 03 Jan 2004 22:16:21 +0000

 Just a slight correction, for the archives: devfs rules
 go in /etc/devfs.rules, not /etc/devfs.conf.
 
 Colin Percival
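
Added example, not part of the PR or of FreeBSD's own tooling: a small Python model of devfs hide/unhide rule evaluation that reports which disk-like nodes a jail ruleset in /etc/devfs.rules syntax would leave visible. It handles only `add hide`/`unhide`, `path` globs and `include`; the ruleset names and numbers, the node list and the disk-name patterns are constructed assumptions.

```python
import fnmatch

# Constructed sample in devfs.rules syntax; ruleset names/numbers are illustrative.
SAMPLE_RULES = """
[hide_all=10]
add hide
[jail_unfiltered=20]       # no rules: the jail sees every exported node
[jail_partial=30]
add path 'ad*' hide        # forgets da* and md*
[jail_strict=40]
add include $hide_all
add path null unhide
add path zero unhide
add path 'ttyp*' unhide
"""
# Constructed node list and disk-name patterns (assumptions; adjust per host).
NODES = ["ad0", "ad0s1a", "da0", "md0", "null", "zero", "ttyp0"]
DISK_PATTERNS = ("ad[0-9]*", "da[0-9]*", "md[0-9]*")

def parse_rulesets(text):
    """Map ruleset name -> list of tokenised 'add' rules."""
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].split("=", 1)[0]
            rulesets[current] = []
        elif line.startswith("add ") and current is not None:
            rulesets[current].append(line.split()[1:])
    return rulesets

def is_hidden(rulesets, name, node, hidden=False):
    """Apply rules in order; the last matching hide/unhide decides."""
    for rule in rulesets[name]:
        if rule[0] == "include":
            hidden = is_hidden(rulesets, rule[1].lstrip("$"), node, hidden)
            continue
        if rule[0] == "path":
            if len(rule) < 3 or not fnmatch.fnmatchcase(node, rule[1].strip("'\"")):
                continue
            rule = rule[2:]
        if rule[0] in ("hide", "unhide"):
            hidden = rule[0] == "hide"
    return hidden

def exposed_disks(rulesets, name, nodes=NODES):
    """Disk-like nodes that stay visible under the named ruleset."""
    disks = [n for n in nodes if any(fnmatch.fnmatchcase(n, p) for p in DISK_PATTERNS)]
    return sorted(n for n in disks if not is_hidden(rulesets, name, n))
```

Only the hide-everything-then-unhide ruleset leaves no disk node for dump(8) to open; the partial ruleset still exposes `da0` and `md0`.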
 
State-Changed-From-To: open->suspended 
State-Changed-By: linimon 
State-Changed-When: Sat Dec 24 03:09:50 UTC 2005 
State-Changed-Why:  
Mark suspended awaiting patches. 

State-Changed-From-To: suspended->closed 
State-Changed-By: remko 
State-Changed-When: Mon Feb 19 13:01:28 UTC 2007 
State-Changed-Why:  
There is a devfs.conf manual page now.

>Unformatted:
