From owner-freebsd-security Sun Jan 30 23:37: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 9082114C90 for ; Sun, 30 Jan 2000 23:36:57 -0800 (PST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost.freebsd.dk [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.3) with ESMTP id IAA21079; Mon, 31 Jan 2000 08:36:32 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: Dmitry Valdov Cc: security@FreeBSD.ORG Subject: Re: jail.. In-reply-to: Your message of "Mon, 31 Jan 2000 03:05:46 +0300." Date: Mon, 31 Jan 2000 08:36:32 +0100 Message-ID: <21077.949304192@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , Dmitry Val dov writes: >Hello! > >It is possible to take root on entire machine if someone has an account on >it an root under jail. >for example, we're running jail with chroot to /usr/jail. Someone have root >in chroot'ed environment. >So, he can create setuid shell in /usr/jail. >But if he have normail account on machine, he can run it from /usr/jail and >take root on entire machine. >chmod /usr/jail doesn't help because chrooted / cannot be read by anyone :( > >I think that the right solution is to make directory for chroot under 700's >directory. Should it be documented in jail man page? The right solution is to not give any accouns outside the jails. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message