Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 6 Apr 2010 22:33:30 GMT
From:      Dan Naumov <dan.naumov@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/145444: sysinstall and sade can access host's disks from within a jail
Message-ID:  <201004062233.o36MXURi031168@www.freebsd.org>
Resent-Message-ID: <201004062240.o36Me2no014640@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         145444
>Category:       kern
>Synopsis:       sysinstall and sade can access host's disks from within a jail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 06 22:40:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Dan Naumov
>Release:        8.0
>Organization:
>Environment:
FreeBSD atombsd.localdomain 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan  5 21:11:58 UTC 2010     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
If you run "sade" or "sysinstall" within a jail, you can see the host system's disks from within the jail, giving a malicious superuser within the jail the capability to inspect the disk and partition layout of the host.

Actual destructive actions to the hosts disk from within such an instance of "sade" / "sysinstall" do not seem possible (attempting to write out changes returns an error), but nevertheless such peeking capability is still troubling.

It is my understanding that this is not intended behaviour.
>How-To-Repeat:
1) Install FreeBSD 8.0
2) Create and install a jail
3) Start the jail
4) Log into the jail as a user with root priviledges (locally via host's console or remotely, connecting to an sshd running within the jail)
5) Run "sade" or "sysinstall)
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201004062233.o36MXURi031168>