Date: Fri, 28 Dec 2007 13:15:38 +0100
From: Johan Ström <johan@stromnet.se>
To: freebsd-stable@freebsd.org
Subject: I just broke out of a FreeBSD jail.. Known bug??
Message-ID: <91064C44-1A41-4FCB-A718-1EF3A63E2273@stromnet.se>

Hello list!

I'm running a FreeBSD 6.2-p8 box with a few jails. The other day a
user of mine uploaded a number of files to one jail, then I (in the
actual system outside of all jails) moved that directory to another
jail.. When I later did some chdiring in the original jail, I found
myself standing in my other jail's pwd and being able to read/manipulate
files!..

Example:

jb-1 (the base machine, jailbox-1)
shell (jail 1)
core (jail 2)

shell /home/johan# pwd
/home/johan
shell /home/johan# ls
.cshrc     .irssi  .login_conf    .mailrc   .profile  .shrc  .zcompdump  public_html
.histfile  .login  .mail_aliases  .noident  .rhosts   .ssh   .zshrc
shell /home/johan# mkdir test
shell /home/johan# cd test
shell /home/johan/test# touch asd
shell /home/johan/test# ls -al
total 4
drwxr-xr-x  2 root   root   512 Dec 28 13:09 .
drwxr-x--x  6 johan  johan  512 Dec 28 13:09 ..
-rw-r--r--  1 root   root     0 Dec 28 13:09 asd
shell /home/johan/test#

Then moving it on the root box

jb-1 /usr/jails# mv shell/home/johan/test core/home/johan/
jb-1 /usr/jails#

And back on shell jail:

shell /home/johan/test# ls
asd
shell /home/johan/test# pwd
pwd: .: No such file or directory
shell /home/johan/test# cd ..
shell /home/johan# ls
.cshrc     .lesshst       .mailrc         .shrc     .vimrc      file.big       roundcube.sql  www.tar.gz
.histfile  .login         .mysql_history  .ssh      .zcompdump  pics           stuff
.history   .login_conf    .profile        .vim      .zshrc      postfix-2.4.5  test
.irssi     .mail_aliases  .rhosts         .viminfo  cacert.pem  public_html    vmail.tar.gz
shell /home/johan#

That's my home dir on core!.. That should very much not be visible
there! I have full access now (from the wrong jail!)

Known bug or did I just stumble upon something pretty bad??

--
Johan Ström
Stromnet
johan@stromnet.se
http://www.stromnet.se/
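
In the session above, a shell in jail `shell` kept its working directory while the host moved that directory into jail `core`'s tree, and `cd ..` then landed in core's home directory. The following is an added example, not part of the original message: a host-side check that refuses such a move while a jailed process still sits in the directory, and that flags processes whose working directory already lies outside their jail root. The process records and their field names are hypothetical and constructed for the example.

```python
import os

# Constructed sample data using the paths from the message. The process
# records (pid, jail, host-absolute cwd) are hypothetical; gathering them
# on the host is outside this example.
JAILS = {"shell": "/usr/jails/shell", "core": "/usr/jails/core"}
PROCS = [
    {"pid": 1201, "jail": "shell", "cwd": "/usr/jails/shell/home/johan/test"},
    {"pid": 1305, "jail": "shell", "cwd": "/usr/jails/shell/home/johan"},
    {"pid": 1410, "jail": "core", "cwd": "/usr/jails/core/home/johan"},
]

def inside(path, root):
    """True if path is root or lies beneath it, compared per path component
    so that /usr/jails/shell2 is not treated as part of /usr/jails/shell."""
    path, root = os.path.normpath(path), os.path.normpath(root)
    return os.path.commonpath([path, root]) == root

def jail_of(path, jails):
    """Name of the jail whose root contains path, or None for the host tree."""
    for name, root in jails.items():
        if inside(path, root):
            return name
    return None

def blocks_move(src, dst, jails, procs):
    """Processes of src's jail whose cwd is in src, if dst leaves that jail."""
    src_jail = jail_of(src, jails)
    if src_jail is None or jail_of(dst, jails) == src_jail:
        return []  # host-tree source, or a move that stays inside one jail
    return [p for p in procs if p["jail"] == src_jail and inside(p["cwd"], src)]

def escaped(jails, procs):
    """Processes whose working directory is outside their own jail root."""
    return [p for p in procs if not inside(p["cwd"], jails[p["jail"]])]

if __name__ == "__main__":
    src = "/usr/jails/shell/home/johan/test"
    dst = "/usr/jails/core/home/johan/"
    for p in blocks_move(src, dst, JAILS, PROCS):
        print(f"refuse mv: pid {p['pid']} in jail {p['jail']} has cwd {p['cwd']}")
```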