Date: Mon, 31 Jan 2000 03:05:46 +0300 (MSK)
From: Dmitry Valdov <dv@dv.ru>
To: security@freebsd.org
Subject: jail..
Message-ID: <Pine.BSF.3.95q.1000131025803.12484A-100000@xkis.kis.ru>

Hello!

It is possible to take root on the entire machine if someone has an account on it and root under jail.

For example, we're running jail with chroot to /usr/jail. Someone has root in the chroot'ed environment, so he can create a setuid shell in /usr/jail. But if he has a normal account on the machine, he can run it from /usr/jail and take root on the entire machine.

chmod /usr/jail doesn't help because chrooted / cannot be read by anyone :(

I think that the right solution is to make the directory for chroot under a 700 directory. Should it be documented in the jail man page?

Dmitry.
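
An added example, not part of the original message: a host-side audit that checks whether a jail root sits below a directory unprivileged users cannot traverse (the mode-700 parent suggested above) and lists setuid/setgid files inside the jail tree. The function names and the temporary directory layout are constructed for illustration, and only POSIX mode bits are examined (no ACLs).

```python
import os, stat, tempfile

def blocking_ancestor(jail_root, top="/"):
    """Nearest ancestor of jail_root (up to `top`) with no search bit for
    group or other, e.g. a mode-700 directory; None if there is none.
    The jail root itself is skipped: it is / inside the jail and must
    stay traversable there."""
    top = os.path.realpath(top)
    path = os.path.dirname(os.path.realpath(jail_root))
    while True:
        if not os.stat(path).st_mode & (stat.S_IXGRP | stat.S_IXOTH):
            return path
        parent = os.path.dirname(path)
        if path == top or parent == path:
            return None
        path = parent

def setid_files(jail_root):
    """Regular files under jail_root carrying the setuid or setgid bit."""
    hits = []
    for dirpath, _dirs, names in os.walk(jail_root):
        for name in names:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(full)
    return sorted(hits)

def audit(jail_root, top="/"):
    """Report whether host users can reach the jail tree, and what is setid in it."""
    guard = blocking_ancestor(jail_root, top)
    return {"exposed": guard is None, "guard": guard,
            "setid": setid_files(jail_root)}

def demo():
    """Constructed layout: one jail under a 755 parent, one under a 700 parent."""
    base = os.path.realpath(tempfile.mkdtemp())
    os.chmod(base, 0o755)
    jails = {}
    for parent, pmode in (("open", 0o755), ("closed", 0o700)):
        jails[parent] = os.path.join(base, parent, "jail")
        os.makedirs(os.path.join(jails[parent], "bin"))
        os.chmod(os.path.join(base, parent), pmode)
    shell = os.path.join(jails["open"], "bin", "sh")
    with open(shell, "w") as f:
        f.write("placeholder\n")
    os.chmod(shell, 0o4755)  # stands in for the setuid shell from the message
    return {name: audit(j, top=base) for name, j in jails.items()}, base

if __name__ == "__main__":
    print(demo()[0])
```

On a real host, call `audit("/usr/jail")` with the default `top="/"`; a result with `exposed` true and a non-empty `setid` list is the situation the message describes.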