Date: Wed, 04 Sep 2013 13:40:31 +0400
From: olevole <olevole@olevole.ru>
To: freebsd-doc@freebsd.org, freebsd-jail@freebsd.org
Subject: handbook chapter for jail best practices needs for security remark
Message-ID: <2169287.FiyytKgDHO@gizmo.nevosoft.local>

Mounting a directory via nullfs when the RW part is mounted above the RO part
from one filesystem is insecure for the RO location, because it allows you to
edit a file through a hardlink in the RO place, due to the fact that the files
have one inode.

For example (by root user):

% mkdir /usr/chroot
% bsdinstall jail /usr/chroot
% mount_nullfs -oro /bin /usr/chroot/bin
% mkdir /rw
% mount_nullfs /rw /usr/chroot/root
% chroot /usr/chroot
% touch /bin/date
touch: /bin/date: Read-only file system
% cd ~
% ln /bin/date
% ls -i /bin/date /root/date
58182 /bin/date
58182 /root/date

(open /root/date in vi editor and change something)
% vi date
dd
:wq!

(logout from chroot)
% exit

(now /bin/date is corrupted)
% /bin/date
/bin/date: Exec format error. Binary file not executable.

Such a scheme, where the RW data is overlaid above the RO data, is popular for
jail hosting and is described in the Handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html

Perhaps it is worth mentioning in the article the need to separate the base
onto cross-device storage or to place it on a read-only system.
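
An audit for the condition described in the message, added here as an example and not part of the original e-mail: run on the host, it checks whether the two nullfs source directories share a filesystem and lists files in the read-only tree that have a hard link outside that tree. The function names and the temporary sample trees are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile


def same_filesystem(ro_source, rw_source):
    """True if both nullfs source directories are on one filesystem (equal st_dev),
    the precondition for hard-linking a file from the RO tree into the RW tree."""
    return os.stat(ro_source).st_dev == os.stat(rw_source).st_dev


def externally_linked(ro_source):
    """Paths of regular files under ro_source that have more hard links than names
    inside ro_source, i.e. at least one name for the inode exists elsewhere."""
    inodes = {}  # (st_dev, st_ino) -> (link count, [names found in the tree])
    for dirpath, _dirs, files in os.walk(ro_source):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                inodes.setdefault((st.st_dev, st.st_ino), (st.st_nlink, []))[1].append(path)
    return sorted(p for nlink, paths in inodes.values() if nlink > len(paths) for p in paths)


def demo():
    """Constructed sample trees standing in for the /bin and /rw sources."""
    with tempfile.TemporaryDirectory() as top:
        ro, rw = os.path.join(top, "bin"), os.path.join(top, "rw")
        os.mkdir(ro)
        os.mkdir(rw)
        for name in ("date", "test"):
            with open(os.path.join(ro, name), "w") as fh:
                fh.write("constructed placeholder\n")
        # Link that stays inside the RO tree (as with test and [): not flagged.
        os.link(os.path.join(ro, "test"), os.path.join(ro, "["))
        before = externally_linked(ro)
        # Second name for the same inode in the RW tree, as in the message above.
        os.link(os.path.join(ro, "date"), os.path.join(rw, "date"))
        after = [os.path.relpath(p, ro) for p in externally_linked(ro)]
        return same_filesystem(ro, rw), before, after


if __name__ == "__main__":
    print(demo())
```

Point both functions at the real source directories given to mount_nullfs, not at the paths inside the chroot.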