From: Frank Knobbe
To: security@revolutionsp.com
cc: freebsd-hackers@freebsd.org
Subject: Re: Idea about 'skeleton jail
Date: Sat, 12 Mar 2005 22:52:37 -0600
Message-Id: <1110689557.890.73.camel@localhost>
In-Reply-To: <51723.81.84.175.77.1107199764.squirrel@81.84.175.77>
References: <1107178792.613.22.camel@spirit> <20050131161006.GD60177@obiwan.tataz.chchile.org> <51723.81.84.175.77.1107199764.squirrel@81.84.175.77>

On Mon, 2005-01-31 at 13:29 -0600, security@revolutionsp.com wrote:
> Very nice idea!! This greatly improves jail management on FreeBSD. There
> is a possibility for a minor drawback -- if one can change a system binary
> in the host system, then all jails are compromised -- but assuming one
> would need root access on the host to change the binary, he would have
> power to change any jail anyway, so this is rather redundant.

Another important drawback is that you can not prune the jail. For example, I prefer to remove "sharp objects" from certain jails for security reasons. There is no need for gcc, ftp and other binaries to reside in a jail when these are not used. These only give an intruder into the jail the tools he needs to bring his scripts in to further hack on the system.

If you nullfs these directories, you lose the ability to prune the jail. Pruning is part of system hardening. I'd rather improve the security of a jail than to sacrifice it. Your objectives may differ of course.

Cheers,
Frank
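The pruning argument in Frank's reply, as an added example that is not part of the original thread: a POSIX sh audit that lists the sharp objects present in a jail root and, given mount(8)-style output, flags those sitting on a nullfs mount from the host, where removing them inside the jail is not possible. The sharp-object list, the jail layout and the mount table are constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits a jail root for "sharp
# objects" (compilers, file-transfer clients) and reports, per binary, whether
# it can be pruned inside the jail or lives on a nullfs mount from the host.

# Constructed list of binaries the post calls sharp objects; extend as needed.
SHARP_OBJECTS="gcc cc ftp fetch"

# find_sharp JAILROOT : prints "name /path/in/jail" for each sharp object
# found under the jail's usual binary directories.
find_sharp() {
    root=$1
    for name in $SHARP_OBJECTS; do
        for dir in bin sbin usr/bin usr/sbin usr/local/bin; do
            [ -x "$root/$dir/$name" ] && printf '%s /%s/%s\n' "$name" "$dir" "$name"
        done
    done
}

# mount_type PATH MOUNTTABLE : prints the filesystem type of the mount holding
# PATH, choosing the longest matching mountpoint from MOUNTTABLE, a file of
# mount(8)-style lines "SOURCE on MOUNTPOINT (TYPE, options...)".
mount_type() {
    path=$1; best=""; besttype=""
    while read -r src on mp rest; do
        case "$path" in
            "$mp"|"$mp"/*|"${mp%/}"/*)
                if [ ${#mp} -gt ${#best} ]; then
                    best=$mp
                    besttype=${rest#(}; besttype=${besttype%%[,)]*}
                fi ;;
        esac
    done < "$2"
    printf '%s\n' "$besttype"
}

# audit_jail JAILROOT MOUNTTABLE : one line per sharp object, marked either
# "prunable" (on the jail's own filesystem) or "nullfs: prune on host".
audit_jail() {
    find_sharp "$1" | while read -r name rel; do
        if [ "$(mount_type "$1$rel" "$2")" = nullfs ]; then
            printf '%s %s nullfs: prune on host\n' "$name" "$rel"
        else
            printf '%s %s prunable\n' "$name" "$rel"
        fi
    done
}

# Constructed sample: a jail with /usr nullfs-mounted from the host.
JAIL=$(mktemp -d); MTAB="$JAIL.mtab"
mkdir -p "$JAIL/usr/bin" "$JAIL/bin"
: > "$JAIL/usr/bin/gcc"; : > "$JAIL/bin/ftp"; chmod +x "$JAIL/usr/bin/gcc" "$JAIL/bin/ftp"
printf '%s\n' "/dev/ada0p2 on / (ufs, local, soft-updates)" \
    "/jails/base on $JAIL (ufs, local)" "/usr on $JAIL/usr (nullfs, local, read-only)" > "$MTAB"
audit_jail "$JAIL" "$MTAB"
```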