From owner-freebsd-security Fri Dec 18 23:49:46 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA08189 for freebsd-security-outgoing; Fri, 18 Dec 1998 23:49:46 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA08183 for ; Fri, 18 Dec 1998 23:49:45 -0800 (PST) (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191]) by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id XAA26811; Fri, 18 Dec 1998 23:44:36 -0800 (PST) (envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id WAA24356; Fri, 18 Dec 1998 22:43:08 -0800 (PST)
Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id WAA11564; Fri, 18 Dec 1998 22:41:45 -0800 (PST)
From: Don Lewis
Message-Id: <199812190641.WAA11564@salsa.gv.tsc.tdk.com>
Date: Fri, 18 Dec 1998 22:41:45 -0800
In-Reply-To: Poul-Henning Kamp "Re: A better explanation (was: buffer overflows and chroot)" (Dec 18, 9:00pm)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Poul-Henning Kamp , "Marco Molteni"
Subject: Re: A better explanation (was: buffer overflows and chroot)
Cc: "Jordan K. Hubbard" , freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Dec 18, 9:00pm, Poul-Henning Kamp wrote:
} Subject: Re: A better explanation (was: buffer overflows and chroot)
} I have a set of patches which makes a chroot jail escape proof. These
} were developed under contract and will end up in FreeBSD sometime over
} the next year. My client wants to get a head start, and that is only
} fair.

A year or so ago I implemented a more limited scheme to prevent access
to the filesystem outside the chroot area. I'm in the process of
cleaning it up and hope to post my patches soon.

} The basic concept is that root is only root in a jail if the filesystem
} protects the rest of the system, otherwise he isn't. For instance he
} can change the owner or modes on a file, but he cannot change IP# on
} an interface. He can bind to a privileged TCP port, but only on the
} IP# which belongs to the jail. And so forth. Works pretty well.

The IP restrictions would be very handy for some of the stuff that I do.

Can a process in jail kill() a process outside jail?

Can the compartments nest?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
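Added example, not part of the thread and not Don Lewis's or Poul-Henning Kamp's patches (those are kernel-side and are not shown here): the userland form of the "no access to the filesystem outside the chroot area" rule that the message describes. A daemon that confines untrusted paths under a root directory has to resolve `..` and symlinks on the host before comparing, and compare component-wise, or a symlink planted inside the tree, or a sibling directory sharing the root's name as a prefix, slips past the check. The jail tree, the `secret` file, the `leak` symlink and the `jailbreak` directory are constructed sample data for the demo; `confined_path`, `naive_prefix_check`, `build_demo_tree` and `run_demo` are names chosen for this example.

```python
import os
import shutil
import tempfile


def confined_path(root, requested):
    """Return the host path for `requested` if it lies inside `root`, else None.

    `requested` is interpreted as a path relative to the jail root (a leading
    '/' means the jail root, not the host root).  Symlinks and '..' are
    resolved on the host *before* the comparison, so a symlink inside the tree
    that points outside it is rejected, and the comparison is component-wise,
    so '/jail' does not accidentally match '/jailbreak'.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/")))
    try:
        if os.path.commonpath([root_real, candidate]) != root_real:
            return None
    except ValueError:  # paths on different drives (Windows); treat as outside
        return None
    return candidate


def naive_prefix_check(root, requested):
    """The check a hurried implementer writes: a string prefix test on the
    un-normalised path.  Kept only to show what it misses."""
    joined = os.path.join(root, requested.lstrip("/"))
    return joined.startswith(root)


def build_demo_tree():
    """Construct a throwaway jail tree (constructed sample data, not from the page)."""
    base = tempfile.mkdtemp(prefix="jaildemo-")
    jail = os.path.join(base, "jail")
    os.makedirs(os.path.join(jail, "etc"))
    with open(os.path.join(jail, "etc", "motd"), "w") as f:
        f.write("inside\n")
    secret = os.path.join(base, "secret")          # a file outside the jail
    with open(secret, "w") as f:
        f.write("outside\n")
    # A symlink *inside* the jail whose target is *outside* it.
    os.symlink(secret, os.path.join(jail, "etc", "leak"))
    # A sibling directory whose name shares the prefix "jail".
    os.makedirs(os.path.join(base, "jailbreak"))
    return base, jail


def run_demo():
    """Return (expected, confined_results, naive_results) for a set of probes."""
    base, jail = build_demo_tree()
    try:
        expected = {
            "/etc/motd": True,          # ordinary file inside the jail
            "/etc/../etc/motd": True,   # '..' that stays inside the jail
            "/../secret": False,        # '..' climbing out of the root
            "/etc/leak": False,         # symlink whose target is outside
            "/../jailbreak/x": False,   # sibling dir sharing the prefix "jail"
        }
        confined = {p: confined_path(jail, p) is not None for p in expected}
        naive = {p: naive_prefix_check(jail, p) for p in expected}
        return expected, confined, naive
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    expected, confined, naive = run_demo()
    for p in expected:
        print(f"{p:20s} confined={confined[p]!s:5s} naive={naive[p]!s:5s} expected={expected[p]}")
```

The naive check accepts every probe because the string it tests still begins with the root; the resolved check rejects the three that leave the tree. Real chroot does the equivalent in the kernel's name lookup, which is why the discussion above is about what a root user can still do once the filesystem itself is sealed.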