Date:      Mon, 5 May 2014 19:58:52 +0800
From:      Erich Dollansky <erichsfreebsdlist@alogt.com>
To:        freebsd-jail@freebsd.org
Subject:   Can Firefox break out of a jail
Message-ID:  <20140505195852.140ddb1b@X220.alogt.com>

Hi,

I do some experimenting with jails at the moment on a FreeBSD 10.0
machine. The jails are all set up manually according to the handbook and
man jail. Each jail gets a name and an IP address. Individual ports are
then installed via the ports tree.

X is running on the host system. Telnet is used to connect to the jails.

When I now install Firefox in a jail and also in the host system, I get
the following behaviour.

Scene A

Firefox is already running on the host system. I then start Firefox inside
the jail firefox. It all seems fine as long as I do not use the history
or want to save the visited page. The jailed Firefox then sees the
history of the Firefox running on the host.

Scene B

Firefox is first started inside the jail firefox. When the host
system then also starts a Firefox, this Firefox now sees the history and the
filesystem of the jailed Firefox.

Is it X that allows the jailed Firefox to communicate directly with
Firefox running directly on the host?

Is there then a way to secure the system?

I have then tried programs like gedit or kate and saw only the
behaviour I expected. Both programs either saw only resources from
inside the jail or from outside but never resources from the other side
of the fence.

Erich


