Date: Sun, 8 May 2011 14:55:55 +0700 From: Edho P Arief <edhoprima@gmail.com> To: Jason Hellenthal <jhell@dataix.net> Cc: Jamie Landeg Jones <jamie@bishopston.net>, freebsd-security@freebsd.org, feld@feld.me, utisoft@gmail.com Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur) Message-ID: <BANLkTim2cpR0NtA%2BALW3bjt_d7vw8gAV1Q@mail.gmail.com> In-Reply-To: <20110508075203.GA61754@DataIX.net> References: <4DC40E21.6040503@gmail.com> <4DC4102E.8000700@gmail.com> <op.vu2g4b0k34t2sn@tech304> <BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw@mail.gmail.com> <201105072231.p47MVktY035491@catflap.bishopston.net> <BANLkTikgnqXB4pdvCd9j9n7pFvg=n5FrdQ@mail.gmail.com> <20110508075203.GA61754@DataIX.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 8, 2011 at 2:52 PM, Jason Hellenthal <jhell@dataix.net> wrote: > > Edho, > > It should also be noted here that the jailed root user also has permission > to chmod(1) '/' to anything he or she wants unless you have taken > precaution to not allow that. I would reccoment storing your jails two > levels deep into a directory and chmod(1) 700 the first level to prevent > access from the host and from the jailed root user changing the perms. > I indeed changed the permission above the jail's root. I usually make it like this: /jails/jailname/root and I set 700 on /jails/jailname. It's been a long time but as I said before I don't remember encountering permission problem in the jail. Or perhaps I remembered it wrong.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTim2cpR0NtA%2BALW3bjt_d7vw8gAV1Q>