Date: Sat, 29 Dec 2007 20:31:33 -0500
From: "Dr. Aharon Friedman" <a.friedman@trunutrition.com>
To: <freebsd-stable@freebsd.org>
Cc: 'Johan Ström' <johan@stromnet.se>
Subject: RE: I just broke out of a FreeBSD jail.. Known bug??
Message-ID: <05b801c84a83$b76219d0$292d280a@friedman.net>
In-Reply-To: <91064C44-1A41-4FCB-A718-1EF3A63E2273@stromnet.se>
References: <91064C44-1A41-4FCB-A718-1EF3A63E2273@stromnet.se>

It does not look like you broke it. Moving directories between jails while
they are running is not part of the game as it breaks chroot. You could
manipulate files between jails with the jails up by using networking, such
as ftp.

Obviously, one could program chroot to be able to "eat" this stuff, but it
will make the system cumbersome. Remember, Jails are supposed to protect
against an outside attacker, not against the sys admin.

Aharon

-----Original Message-----
From: Johan Ström [mailto:johan@stromnet.se]
Sent: Friday, December 28, 2007 7:16 AM
To: freebsd-stable@freebsd.org
Subject: I just broke out of a FreeBSD jail.. Known bug??

Hello list!

I'm running a FreeBSD 6.2-p8 box with a few jails. The other day a
user of mine uploaded a number of files to one jail, then I (in the
actual system outside of all jails) moved that directory to another
jail.. When I later did some chdiring in the original jail, I found
myself standing in my other jail's pwd and being able to read/
manipulate files!..

Example:

jb-1 (the base machine, jailbox-1)
shell (jail 1)
core (jail 2)

shell /home/johan# pwd
/home/johan
shell /home/johan# ls
.cshrc    .irssi  .login_conf    .mailrc   .profile  .shrc  .zcompdump  public_html
.histfile .login  .mail_aliases  .noident  .rhosts   .ssh   .zshrc
shell /home/johan# mkdir test
shell /home/johan# cd test
shell /home/johan/test# touch asd
shell /home/johan/test# ls -al
total 4
drwxr-xr-x  2 root   root   512 Dec 28 13:09 .
drwxr-x--x  6 johan  johan  512 Dec 28 13:09 ..
-rw-r--r--  1 root   root     0 Dec 28 13:09 asd
shell /home/johan/test#

Then moving it on the root box

jb-1 /usr/jails# mv shell/home/johan/test core/home/johan/
jb-1 /usr/jails#

And back on shell jail:

shell /home/johan/test# ls
asd
shell /home/johan/test# pwd
pwd: .: No such file or directory
shell /home/johan/test# cd ..
shell /home/johan# ls
.cshrc    .lesshst       .mailrc         .shrc     .vimrc      file.big       roundcube.sql  www.tar.gz
.histfile .login         .mysql_history  .ssh      .zcompdump  pics           stuff
.history  .login_conf    .profile        .vim      .zshrc      postfix-2.4.5  test
.irssi    .mail_aliases  .rhosts         .viminfo  cacert.pem  public_html    vmail.tar.gz
shell /home/johan#

That's my home dir on core!.. That should very much not be visible
there! I have full access now (from the wrong jail!)

Known bug or did I just stumble upon something pretty bad??

--
Johan Ström
Stromnet
johan@stromnet.se
http://www.stromnet.se/
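
Added example, not part of the original messages and not FreeBSD code: a small Python model of the behaviour discussed in this thread, where ".." is clamped only when the process stands on its jail root, so a working directory moved out of the jail's subtree never meets that root again. All names (Dir, move, dotdot, contained, scenario) are hypothetical, and the directory tree is constructed to mirror the paths in the message.

```python
class Dir:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent if parent is not None else self  # real "/" is its own parent
        self.children = {}
        if parent is not None:
            parent.children[name] = self

def mkdirs(base, path):
    node = base
    for part in path.strip("/").split("/"):
        node = node.children.get(part) or Dir(part, node)
    return node

def move(node, new_parent):
    """Host-side mv on one filesystem: only the parent link changes."""
    del node.parent.children[node.name]
    node.parent = new_parent
    new_parent.children[node.name] = node

def dotdot(cwd, jail_root):
    """Lookup rule modelled here: '..' is a no-op only on the jail root itself."""
    return cwd if cwd is jail_root else cwd.parent

def climb(cwd, jail_root):
    """Repeat 'cd ..' until it stops changing anything."""
    while (nxt := dotdot(cwd, jail_root)) is not cwd:
        cwd = nxt
    return cwd

def contained(node, jail_root):
    """Defender's check: is this directory still below the jail root?"""
    while node is not jail_root:
        if node.parent is node:        # reached the host "/" without meeting the root
            return False
        node = node.parent
    return True

def path_of(node):
    parts = []
    while node.parent is not node:
        parts.append(node.name)
        node = node.parent
    return "/" + "/".join(reversed(parts))

def scenario():
    host = Dir("")
    shell_root = mkdirs(host, "usr/jails/shell")
    core_home = mkdirs(host, "usr/jails/core/home/johan")
    cwd = mkdirs(shell_root, "home/johan/test")    # cwd of a process in jail "shell"
    before = (contained(cwd, shell_root), path_of(climb(cwd, shell_root)))
    move(cwd, core_home)                           # the mv done on jb-1
    one_up = path_of(dotdot(cwd, shell_root))      # the single "cd .." from the message
    after = (contained(cwd, shell_root), path_of(climb(cwd, shell_root)))
    return before, one_up, after
```

The containment test is the useful part for an administrator: a directory should only be moved across jail roots once no process in the source jail has it, or anything beneath it, as a working directory or open directory handle.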