Add a warning note to security.jail.allow_raw_sockets

about the risks of enabling raw sockets in prisons.

Because raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
untrusted parties. As such, by default this option is disabled.

A few others and I are currently auditing the kernel
source code to ensure that the use of raw sockets by
privledged prison users is safe.

Approved by:	bmilekic (mentor)

1 files changed, 4 insertions, 1 deletions

diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 53544f1..09c4a63 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -419,7 +419,10 @@ is set, the source IP addresses are enforced to comply
 with the IP address bound to the jail, regardless of whether or not
 the
 .Dv IP_HDRINCL
-flag has been set on the socket.
+flag has been set on the socket. Because raw sockets can be used to configure
+and interact with various network subsystems, extra caution should be used
+where privileged access to jails is given out to untrusted parties. As such,
+by default this option is disabled.
 .It Va security.jail.getfsstatroot_only
 This MIB entry determines whether or not processes within a jail are able
 to see data for all mountpoints.