Get a Quote (408) 943-4100

Commercial Support

TrueNAS.com Software Systems Company Community Security iX Portal Download

Docs Navigation

TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Help Me Choose FreeNAS

Systems Overview M-Series X-Series R-Series Mini Series

Blog In the News TrueNAS Store iXsystems Careers

TrueNAS GitHub Community Forum Discord TrueNAS Merch Store

Application Asigra TrueNAS Solution Backup Big Data Cloud Multimedia Virtualization

Industry Education Finance Government Healthcare High-Tech Media & Entertainment

Support Documentation TrueNAS Security Blog Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS

Download TrueNAS CORE

Download TrueNAS SCALE

Get TrueNAS Enterprise

FreeBSD jail

core

TrueNAS 12.0

FreeBSD-SA-21:05.jail_chdirn : jail_attach(2) relies on the caller to change the cwd

2021-02-24

Versions Affected : All versions prior to TrueNAS 12.0-U3

Description

When a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.

A process with superuser privileges running inside a jail could change the root directory outside of the jail, thereby gaining full read and writing access to all files and directories in the system.

Workaround

No workaround is available, but systems that are not running jails with untrusted root users are not vulnerable.

FreeBSD-SA-21:05.jail_chdirn : jail_attach(2) relies on the caller to change the cwd

Description

Workaround

Mitigation

Commit

Further information