From: Jason Hellenthal
Date: Wed, 11 May 2011 11:51:27 -0400
To: Dag-Erling Smørgrav
Cc: Jamie Landeg Jones, feld@feld.me, Edho P Arief, freebsd-security@freebsd.org, Poul-Henning Kamp, Bakul Shah, utisoft@gmail.com
Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
Message-ID: <20110511155127.GA28725@DataIX.net>
In-Reply-To: <86d3jpoa1s.fsf@ds4.des.no>

Dag-Erling,

On Wed, May 11, 2011 at 11:34:23AM +0200, Dag-Erling Smørgrav wrote:
> Bakul Shah writes:
> > Dumb question: the jail command can refuse to run unless the
> > parent of a jail root is 0700. Would that work? No kernel hack
> > required.
>
> All right, this is getting ridiculous.
>

+1

--

Regards, (jhell)
Jason Hellenthal