[Midnightbsd-cvs] [MidnightBSD/src] c1ddf4: A process running inside a jail can avoid being ki...

Lucas Holt noreply at github.com
Wed Feb 24 14:54:27 EST 2021


  Branch: refs/heads/stable/2.0
  Home:   https://github.com/MidnightBSD/src
  Commit: c1ddf404e381c00a3450b079e599bcc3547f84b4
      https://github.com/MidnightBSD/src/commit/c1ddf404e381c00a3450b079e599bcc3547f84b4
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-02-24 (Wed, 24 Feb 2021)

  Changed paths:
    M sys/kern/kern_fork.c
    M sys/kern/kern_jail.c
    M sys/sys/jail.h

  Log Message:
  -----------
  A process running inside a jail can avoid being killed during jail termination.
If a jail is subsequently started with the same root path, a lingering jailed
process may be able to exploit the window during which a devfs filesystem is
mounted but the jail's devfs ruleset has not been applied, to access device
nodes which are ordinarily inaccessible.  If the process is privileged, it may
be able to escape the jail and gain full access to the system.

Obtained from: FreeBSD



