From: Chris Rees
Date: Sun, 8 May 2011 09:58:55 +0100
To: Jamie Landeg Jones
Cc: freebsd-security@freebsd.org, feld@feld.me
Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (Pétur)

On 7 May 2011 23:31, Jamie Landeg Jones wrote:
>> All the same, I've sent a PR [1] with some doc patches to make people
>> more aware of this -- fulfilling my promise of 2+ years ago :S
>>
>> Thanks!
>>
>> Chris
>>
>> [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=156853
>
> Um. Some problems here.
>
> A jail won't work for not-root users if the jail root directory is chmod 700 - although
> there is obviously a 'chroot' running within the jail, the jailed user still needs
> to have read permission from the host's / -- chmod 700 therefore locks all non-root
> users out.
>
> I would suggest you add to the docs about the UID clash problem - untrusted users on the host
> shouldn't have the same UID/GID as jailed users, as they will have access to their files.
>
> And of course, the bit mentioned earlier where an untrusted jail user with jail-root access
> should NEVER have access to the host!
>
> Among other things, my password file in both jails and the host has this line:
>
> # 8000 to 9999  -  Reserved for use within jails - do not use in main host!
>

Thanks! Updated the patches about chmodding (d'oh), and I'll send another later about UIDs.

Chris
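
Added example, not part of the original message or of the FreeBSD documentation: a small audit for the UID clash problem raised in the quoted text, comparing a host passwd file with a jail's and applying the "8000 to 9999 reserved for jails" convention from the quoted comment. The function names, the sample accounts and the cut-off for system accounts (UIDs below 1000, plus 65534) are assumptions made for illustration.

```python
RESERVED = range(8000, 10000)   # jail-only UIDs, from the passwd comment quoted above
MIN_USER, NOBODY = 1000, 65534  # assumption: UIDs outside [1000, 65534) are system accounts

# Constructed sample passwd(5) files, not taken from any real system.
HOST = """\
# 8000 to 9999  -  Reserved for use within jails - do not use in main host!
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:8001:8001:Bob:/home/bob:/bin/sh
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
"""
JAIL = """\
root:*:0:0:Charlie &:/root:/bin/csh
www1:*:1001:1001:Tenant 1:/home/www1:/bin/sh
www2:*:8001:8001:Tenant 2:/home/www2:/bin/sh
www3:*:8002:8002:Tenant 3:/home/www3:/bin/sh
www4:*:1005:1005:Tenant 4:/home/www4:/bin/sh
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
"""

def parse_passwd(text):
    """Return {uid: [names]} from passwd(5) text, skipping comments and bad lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 4 or not fields[2].isdigit():
            continue
        users.setdefault(int(fields[2]), []).append(fields[0])
    return users

def audit(host_text, jail_text):
    """Return sorted (kind, uid, host_names, jail_names) findings."""
    host, jail = parse_passwd(host_text), parse_passwd(jail_text)
    regular = lambda uid: MIN_USER <= uid < NOBODY
    findings = []
    for uid, names in host.items():
        if uid in RESERVED:      # host account inside the jail-only range
            findings.append(("host-in-reserved", uid, names, jail.get(uid, [])))
        elif regular(uid) and uid in jail:  # same UID: host user can reach jail user's files
            findings.append(("uid-clash", uid, names, jail[uid]))
    for uid, names in jail.items():
        if regular(uid) and uid not in RESERVED and uid not in host:
            findings.append(("jail-outside-reserved", uid, [], names))  # clash waiting to happen
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(HOST, JAIL):
        print(*finding)
```

On a real system the two inputs would be the contents of the host's /etc/passwd and the passwd file under the jail's root directory.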