This adds jail_attach2 syscall that behave like a regular jail_attach but allows for passing additional flags.
Right now it can be used to disable ptrace on attached process, with an option of disabling it for child too.
kaktus on May 28 2020, 9:33 PM.Authored by
Disabling ptrace should not be an option, it should be mandatory no matter what.
As noted in other review, the actual solution for what I suspect is the intended use case (inspecting something within the jail) would avoid actually attaching yourself in a manner visible in the jail in the first place.
Considering jail_set(2) can also attach with the JAIL_ATTACH flag, it would be handy to put these new flags in the same space, with a JAIL_ATTACH_MASK including them. Then the attaching done by jail_set can also do the right thing if it chooses.
While the JAIL_ATTACH flag was intended for jail creation imitating the old style of always attaching to a new jail, it's also legal for use with JAIL_UPDATE, i.e. for attaching to an existing jail. Thus you can actually do the attach operation with e.g. jail_setv(JAIL_UPDATE | JAIL_ATTACH, "name", "foo", NULL), which doesn't actually update anything but attaches anyway. That means that a new system call is technically redundant and could just be replaced by adding a new flag to jail_set. That does of course lack the elegance of an improved jail_attach(2).
In general I agree, but since this is POLA BSD…
Not really sure about the invisible attachment here, what should happen after fork/exec? Should the child still be invisible?
jexec(8) that use jail_attach(2) is used by rc.d too.
I actually like the jail_attach(2) method better - it's more clear to a programmer who wants to attach to a jail.
I would like the flag to be available to jail_set(2) though. That should be as simple as:
`#define JAIL_ATTACH_NOTRACE 0x10
It's a super old security bug, not a feature.
Actually entering the jail (e.g., jexec) and trying to do something with resources tied to the jail (ifconfig -j or whatever) require 2 distinct syscalls. The latter should never appear inside.