From owner-freebsd-hackers@FreeBSD.ORG Thu Apr 21 12:23:49 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 630E016A4CE for ; Thu, 21 Apr 2005 12:23:49 +0000 (GMT) Received: from mxsf20.cluster1.charter.net (mxsf20.cluster1.charter.net [209.225.28.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id EFCB743D55 for ; Thu, 21 Apr 2005 12:23:48 +0000 (GMT) (envelope-from c0ldbyte@myrealbox.com) Received: from mxip04.cluster1.charter.net (mxip04a.cluster1.charter.net [209.225.28.134])j3LCNl0X030896 for ; Thu, 21 Apr 2005 08:23:47 -0400 Received: from 24.247.253.134.gha.mi.chartermi.net (HELO eleanor.us1.wmi.uvac.net) (24.247.253.134) by mxip04.cluster1.charter.net with ESMTP; 21 Apr 2005 08:23:47 -0400 X-Ironport-AV: i="3.92,120,1112587200"; d="scan'208"; a="236680817:sNHT16355016" Date: Thu, 21 Apr 2005 08:23:46 -0400 (EDT) From: c0ldbyte To: freebsd-hackers@freebsd.org In-Reply-To: <20050421114359.GA10842@britannica.bec.de> Message-ID: <20050421081253.S51738@eleanor.us1.wmi.uvac.net> References: <20050420151104.GA11753@grummit.biaix.org> <20050421073009.G51738@eleanor.us1.wmi.uvac.net> <20050421114359.GA10842@britannica.bec.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Re: Configuration differences for jails X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Apr 2005 12:23:49 -0000 On Thu, 21 Apr 2005, Joerg Sonnenberger wrote: > On Thu, Apr 21, 2005 at 07:39:08AM -0400, c0ldbyte wrote: >> Now if that last question is correct and thats the proccess you are using >> to create a jail then depending on the situation wouldnt that inturn >> defeat some of the main purposes of the jail, like the following. If you >> mounted your "/bin" on "/mnt/jail/bin" then if a person that was looking >> to break in and effect the system that is currently locked in the "jail" >> all he would have to do is just write something to the "jail/bin" which is >> actualy your root "/bin" and then the next time a binary is used from your >> root directories it could still infect the rest of the system ultimately >> defeating the purpose of what you just set up. To my understanding and use >> a jail is somewhat totaly independent of the OS that it resides in and >> wont be if you are using nullfs to mount root binary directories on it. > > ro mount as written by grant parent protects against this. > > Joerg Right, I saw the (ro) option as you specified, but still there have been flaws in the sytem and forseen more flaws to come as allmost any programmer these days come accross and to just rely on it being (ro) just seems kind of not something that you should look to totaly to protect the system that the jail resides on. Even though in the unpredicted future a jail could be broken out of to such a instance I consider it to be a safer practice to just make installworld $DESTDIR && make distribution DESTDIR=$DESTJAIL -DNO_MAKEDEV_RUN and just delete stuff out of $DESTJAIL that you dont need for things to run properly and then there is never a instance or less of a chance that things will go wrong for you. As I said before depending on the use of the jail as well would also be a determination on how the jail is setup to but should never interact with the main system that holds the jail. Thats only my opinion though and just releaves thought about other security issues that deal with the main part of the system. -- ( When in doubt, use brute force. -- Ken Thompson 1998 )