Date: Wed, 11 May 2011 11:06:41 +0100 From: Chris Rees <utisoft@gmail.com> To: Janne Snabb <snabb@epipe.com> Cc: Jamie Landeg Jones <jamie@bishopston.net>, feld@feld.me, Edho P Arief <edhoprima@gmail.com>, freebsd-security@freebsd.org, Poul-Henning Kamp <phk@phk.freebsd.dk>, Bakul Shah <bakul@bitblocks.com>, =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= <des@des.no> Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur) Message-ID: <BANLkTimjNOctOgZv09Sx-VFwOcAPKoAb3w@mail.gmail.com> In-Reply-To: <alpine.BSF.2.00.1105110456050.33272@tiktik.epipe.com> References: <20051.1305023864@critter.freebsd.dk> <86k4dy31v7.fsf@ds4.des.no> <20110510174910.64E48B827@mail.bitblocks.com> <alpine.BSF.2.00.1105110456050.33272@tiktik.epipe.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11 May 2011 06:28, "Janne Snabb" <snabb@epipe.com> wrote: > > On Tue, 10 May 2011, Bakul Shah wrote: > > > Dumb question: the jail command can refuse to run unless the > > parent of a jail root is 0700. Would that work? No kernel hack > > required. > > I do not think that this should be enforced in kernel, in the jail(8) > command nor anywhere else. UNIX rm(1) is not opening a pop-up window > asking "are you sure?" if you do "rm -rf /". I suggest you test this assertion.... Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTimjNOctOgZv09Sx-VFwOcAPKoAb3w>