[Midnightbsd-cvs] [MidnightBSD/src] b7585f: A process running inside a jail can avoid being ki...
Lucas Holt
noreply at github.com
Wed Feb 24 17:19:24 EST 2021
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: b7585f1e73a56e30dd193f3350f811519a9a1eca
https://github.com/MidnightBSD/src/commit/b7585f1e73a56e30dd193f3350f811519a9a1eca
Author: Lucas Holt <luke at foolishgames.com>
Date: 2021-02-24 (Wed, 24 Feb 2021)
Changed paths:
M sys/kern/kern_fork.c
M sys/kern/kern_jail.c
M sys/sys/jail.h
Log Message:
-----------
A process running inside a jail can avoid being killed during jail termination.
If a jail is subsequently started with the same root path, a lingering jailed
process may be able to exploit the window during which a devfs filesystem is
mounted but the jail's devfs ruleset has not been applied, to access device
nodes which are ordinarily inaccessible. If the process is privileged, it may
be able to escape the jail and gain full access to the system.
Obtained from: FreeBSD
More information about the Midnightbsd-cvs
mailing list