diff --git a/en_US.ISO8859-1/books/handbook/jails/chapter.sgml b/en_US.ISO8859-1/books/handbook/jails/chapter.sgml
index bfa0ef32e7..9235c05033 100644
--- a/en_US.ISO8859-1/books/handbook/jails/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/jails/chapter.sgml
@@ -240,7 +240,7 @@ the procedure for building a jail:
 &prompt.root; setenv D /here/is/the/jail
-&prompt.root; mkdir -p $D
+&prompt.root; mkdir -p -m 0700 $D
 &prompt.root; cd /usr/src
 &prompt.root; make buildworld
 &prompt.root; make installworld DESTDIR=$D
@@ -261,6 +261,16 @@ of the &os; base system.
+
+ It is important to restrict access to the jail from the host
+ system to ensure that i.e. setuid files created in the jail
+ are not usable in the host system; otherwise an attacker with root
+ access to the jail could create a setuid program in the jail and
+ execute it in the host. For similar reasons it is a bad idea to
+ share read/write nullfs mounts between
+ jails, although NFS is fine.
+
+ If you have already rebuilt your userland using make world or make buildworld,
@@ -667,7 +677,7 @@ jail_www_devfs_ruleset="www_ruleset
- &prompt.root; mkdir /home/j /home/j/mroot
+ &prompt.root; mkdir -m 0700 /home/j && mkdir /home/j/mroot
 &prompt.root; cd /usr/src
 &prompt.root; make installworld DESTDIR=/home/j/mroot
@@ -831,7 +841,7 @@ jail_www_devfs_enable="YES" job *and* have the advantage of being part of the base system of FreeBSD? -->
- &prompt.root; mkdir /home/js
+ &prompt.root; mkdir -m 0700 /home/js
 &prompt.root; cpdup /home/j/skel /home/js/ns
 &prompt.root; cpdup /home/j/skel /home/js/mail
 &prompt.root; cpdup /home/j/skel /home/js/www