Date: Fri, 29 Dec 2006 04:41:33 -0800
From: Colin Percival <cperciva@freebsd.org>
To: freebsd-hackers@freebsd.org, Bill Moran <wmoran@collaborativefusion.com>
Subject: Re: Modified version of jexec allows non-root access into jails
Message-ID: <45950CFD.5020506@freebsd.org>
In-Reply-To: <20061229120030.3DCE316A530@hub.freebsd.org>
References: <20061229120030.3DCE316A530@hub.freebsd.org>

Bill Moran wrote:
> http://people.collaborativefusion.com/~wmoran/code/jailme.html
>
> Feedback is appreciated.

Be very very careful. Both chroot(2) and jail(2) can only be called by root, and for very good reasons. Unprivileged users can create hardlinks to files which they don't own, including setuid root binaries; but these binaries will probably not operate correctly inside a jail of an attacker's construction (e.g., which contains a root password of "r00tmeplz"). The attacker can thus obtain jailed root privileges, create all the setuid root binaries he wants, and then run them from outside of the jail to obtain root privileges in the host machine.

The fact that you're calling jail_attach(2) instead of jail(2) makes me slightly less worried, but you'd still have to work very hard to convince me that this should become part of the FreeBSD base system.

Colin Percival
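
The hardlink concern in the message above can be checked for on an existing jail tree. The following audit is an added example, not part of the original message or of the jailme code; the function name `audit_setid_links` and its parameters are made up for this illustration. It reports set-id files under a directory whose inode also has names outside that directory.

```python
import os
import stat
from collections import defaultdict


def audit_setid_links(root, owner_uid=0):
    """Find set-id files under `root` that also have names outside it.

    A hard link shares one inode, so st_nlink counts every name on the
    filesystem. If fewer names are found under `root` than st_nlink reports,
    the remaining names live outside the audited tree.
    """
    seen = defaultdict(list)  # (device, inode) -> names found under root
    info = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable; skip
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            if owner_uid is not None and st.st_uid != owner_uid:
                continue  # default: only files owned by root (uid 0)
            key = (st.st_dev, st.st_ino)
            seen[key].append(path)
            info[key] = st
    findings = []
    for key, paths in seen.items():
        outside = info[key].st_nlink - len(paths)
        if outside > 0:
            findings.append({
                "paths": sorted(paths),
                "mode": stat.filemode(info[key].st_mode),
                "links_outside": outside,
            })
    return sorted(findings, key=lambda f: f["paths"])


if __name__ == "__main__":
    import sys
    for f in audit_setid_links(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f["mode"], f["links_outside"], "name(s) outside:", *f["paths"])
```

Run it as root so that no directory under the tree is skipped; names inside a skipped directory would be counted as lying outside the tree.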