Date: Wed, 11 May 2011 11:21:11 -0700 (PDT)
From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails
Message-Id: <20110511183629.3ED3D106566B@hub.freebsd.org>
In-Reply-To: <20110511120032.7D5FB10657F4@hub.freebsd.org>
References: <20110511120032.7D5FB10657F4@hub.freebsd.org>

Dag-Erling Smørgrav wrote:
> Bakul Shah writes:
>> Dumb question: the jail command can refuse to run unless the
>> parent of a jail root is 0700. Would that work? No kernel hack
>> required.
>
> All right, this is getting ridiculous.

It's far past the point of being ridiculous, so far in fact that I would
not be surprised if someone employed by Redhat, Canonical or the FSF was
being paid to astroturf.

The tactic may have worked for Gnome, KDE, and a large number of apps, but
FreeBSD coders are generally more experienced than that.

Roger Marquis