From owner-freebsd-security@FreeBSD.ORG  Wed Dec 28 09:42:03 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2DFD9106564A;
	Wed, 28 Dec 2011 09:42:03 +0000 (UTC)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25])
	by mx1.freebsd.org (Postfix) with ESMTP id B31D28FC0A;
	Wed, 28 Dec 2011 09:42:02 +0000 (UTC)
Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.sbone.de (Postfix) with ESMTPS id 3CEC125D3892;
	Wed, 28 Dec 2011 09:42:01 +0000 (UTC)
Received: from content-filter.sbone.de (content-filter.sbone.de
	[IPv6:fde9:577b:c1a9:31::2013:2742])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPS id 5D63FBD7F4A;
	Wed, 28 Dec 2011 09:42:00 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sbone.de
Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587])
	by content-filter.sbone.de (content-filter.sbone.de
	[fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024)
	with ESMTP id 0I5Js5tYtprx; Wed, 28 Dec 2011 09:41:59 +0000 (UTC)
Received: from orange-en1.sbone.de (orange-en1.sbone.de
	[IPv6:fde9:577b:c1a9:31:cabc:c8ff:fecf:e8e3])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPSA id 5EBFABD7F49;
	Wed, 28 Dec 2011 09:41:59 +0000 (UTC)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
In-Reply-To: <CAJ-UWtQnYWb8TUzk91Z+CxgfVsDM=WtBDrpP_V9pBnv7ar47Fw@mail.gmail.com>
Date: Wed, 28 Dec 2011 09:41:58 +0000
Content-Transfer-Encoding: 7bit
Message-Id: <0A2510CC-578E-4EFB-A82E-E63F6A8EA226@lists.zabbadoz.net>
References: <CAJ-UWtQnYWb8TUzk91Z+CxgfVsDM=WtBDrpP_V9pBnv7ar47Fw@mail.gmail.com>
To: Marin Atanasov Nikolov <dnaeon@gmail.com>
X-Mailer: Apple Mail (2.1084)
Cc: freebsd-security@freebsd.org,
	ml-freebsd-stable <freebsd-stable@freebsd.org>
Subject: Re: Escaping from a jail with root privileges on the host
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Dec 2011 09:42:03 -0000

On 28. Dec 2011, at 08:58 , Marin Atanasov Nikolov wrote:

> Hello,
> 
> Today I've managed to escape from a jail by accident and ended up with
> root access to the host's filesystem.

This has been discussed to lengths within the last year (I think it was).

See the updated man page:
http://svnweb.freebsd.org/base/head/usr.sbin/jail/jail.8?r1=221665&r2=224286

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
         Stop bit received. Insert coin for new address family.