Date: Mon, 30 Dec 2002 10:01:41 -0500
From: Steve Shorter <steve@nomad.lets.net>
To: Elite Bizkit <elite_bizkit@hotmail.com>
Cc: freebsd-security@FreeBSD.org
Subject: Re: FreeBSD Jail
Message-ID: <20021230100141.A48412@nomad.lets.net>
In-Reply-To: <F104zMp5gZqY2at4ktk000143fc@hotmail.com>; from elite_bizkit@hotmail.com on Mon, Dec 30, 2002 at 01:23:03PM +0000
References: <F104zMp5gZqY2at4ktk000143fc@hotmail.com>
On Mon, Dec 30, 2002 at 01:23:03PM +0000, Elite Bizkit wrote:
> First of all, how do you login to the jail (and logout)? Another question is

The same way that you log in to any system. Well, there are restrictions in the jail of course. A common way is to run sshd in a jail and then ssh in. I usually run sshd and syslogd in the jailed environment, this depends on what you need of course.

> if someone manages to get root in the jail what happens if they run "exit",
> will they get to the host system or will it just close the jail and their
> connection? And finally in the BSDpro article the ports system was mounted

"exit". You mean exit a shell? Well, then the shell will exit and the connection may close and then you will still have sshd running in the jail or whatever...

> using mount_nfs, surely if you can run this in the jail then you could mount
> other directories such as "/etc" and screw around with files on the host
> system?

You can't run mount in a jail. That doesn't mean that the mounts outside of the jail are all invisible inside. It depends how you set up your chroot environment. One interesting "feature" of NFS mounts is that they can be read/write in the jail but the network they are mounted on can be otherwise inaccessible to the jail.

>
> I'm probably missing something simple here but if anyone could answer any of
> the above I would be very grateful :)
>

Experimenting with jail is fun and probably the best way to learn this stuff.
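
The point above about host mounts being visible inside a jail can be audited from the host. The following is an added example, not part of the original message: it filters fstab-format mount listings (the layout `mount -p` prints on FreeBSD) for filesystems at or below a jail root and marks read/write NFS mounts. The jail paths, the `fileserver` host and the sample listing are constructed assumptions.

```shell
#!/bin/sh
# Added example: list filesystems mounted at or below a jail's root directory,
# as seen from the host. Input is fstab-format text
# (device, mount point, fstype, options, dump, pass).

# jail_visible_mounts JAILROOT  < fstab-format lines
# Prints "mountpoint fstype mode" for every mount inside JAILROOT and appends
# WRITABLE-NFS when an NFS mount is not mounted read-only.
jail_visible_mounts() {
    awk -v root="${1%/}" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            mp = $2
            # Inside the jail only if it is the root itself or a path below
            # it; the trailing "/" keeps /usr/jail/www2 out of /usr/jail/www.
            if (mp != root && index(mp, root "/") != 1) next
            mode = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            flag = (mode == "rw" && $3 == "nfs") ? " WRITABLE-NFS" : ""
            print mp, $3, mode flag
        }'
}

# Constructed sample listing: hypothetical host with jails under /usr/jail.
SAMPLE_MOUNTS='/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1e /usr ufs rw 2 2
procfs /usr/jail/www/proc procfs rw 0 0
fileserver:/export/ports /usr/jail/www/usr/ports nfs rw 0 0
fileserver:/export/doc /usr/jail/www/usr/share/doc nfs ro 0 0
/dev/ad0s1f /usr/jail/www2 ufs rw 2 2'

printf '%s\n' "$SAMPLE_MOUNTS" | jail_visible_mounts /usr/jail/www
```

On a live host the function can be fed with `mount -p | jail_visible_mounts /path/to/jail` instead of the sample listing.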