HomeFreeBSD
Diffusion FreeBSD src repository 1ff3118d72b1

MFC jail: only chdir to user's home directory when user is specified
1ff3118d72b1
Actions

Description

MFC jail: only chdir to user's home directory when user is specified

jail(8) with the "exec.clean" parameter not only cleans the enviromnent
variables before running commands, but also changes to the user's home
directory. While this makes sense when auser is specified (via one of
the exec.*_user parameters), it leads to all commands being run in the
jail's /root directory even in the absence of an explicitly specified
user. This can lead to problems when e.g. rc scripts are run from that
non-world-readable directory, and run counter to expectations that jail
startup is analogous to system startup.

Restrict this behvaiour to only users exlicitly specified, either via
the command line or jail parameters, but not the implicit root user.
While this changes long-stand practice, it's the more intuitive action.

jexec(8) has the same problem, and the same fix.

PR: 277210
Reported by: johannes.kunde at gmail
Differential Revision: https://reviews.freebsd.org/D46226

(cherry picked from commit 5cf705491727dd963485f9911ee3d52c3bf148db)

Details

Provenance
jamieAuthored on Aug 12 2024, 10:23 PM
Differential Revision
D46226: Restrict jail(8) and jexec(8) to chdir to the user's directory only when the user is expicitly specified
Parents
rG8774fa749d4e: msdosfs: fix cluster limit when mounting FAT-16 file systems
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
usr.sbin/
jail/
jexec/

rG1ff3118d72b1

View Options

usr.sbin/jail/command.c

Loading...
View Options

usr.sbin/jail/jail.8

Loading...
View Options

usr.sbin/jexec/jexec.8

Loading...
View Options

usr.sbin/jexec/jexec.c

Loading...