Date:      Fri, 6 May 2011 19:12:28 +0100
From:      Chris Rees <utisoft@gmail.com>
To:        Mark Felder <feld@feld.me>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Rooting FreeBSD , Privilege Escalation using Jails (Pétur)
Message-ID:  <BANLkTimdNPE45uSUphggeRfwfZYcUGQXcQ@mail.gmail.com>
In-Reply-To: <op.vu2g4b0k34t2sn@tech304>
References:  <4DC40E21.6040503@gmail.com> <4DC4102E.8000700@gmail.com> <op.vu2g4b0k34t2sn@tech304>

On 6 May 2011 17:18, "Mark Felder" <feld@feld.me> wrote:
>
> On Fri, 06 May 2011 10:13:50 -0500, Daniel Jacobsson <daniel.jacobsson.90@gmail.com> wrote:
>
>> Can someone confirm if this bug/exploit works?
>
>
> It's really not a bug or exploit... it's just the guy being crafty. It
> only makes sense: the jails access the same filesystem as the host. Put a
> file setuid in the jail and use your user on the host to execute that file
> and voila, you're now running that executable as root.
>
> Your users should NEVER have access to the host of the jail.
>
>
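
A host-side check for the condition described in the quoted message, as an added example that is not part of the original thread: it lists setuid/setgid files under a jail root that an unprivileged host account could reach and execute. The function names, the `top` parameter and the default jail path are hypothetical, and only the "other" permission bits are considered (group membership and ACLs are ignored).

```python
import os
import stat
import sys

SETID = stat.S_ISUID | stat.S_ISGID


def world_searchable(path, top="/"):
    """True if every directory from `path` up to `top` has the 'other' search (x) bit.

    Simplification (assumption): only the 'other' bits are checked; group
    membership and ACLs are ignored.
    """
    path, top = os.path.realpath(path), os.path.realpath(top)
    while True:
        if not os.stat(path).st_mode & stat.S_IXOTH:
            return False
        parent = os.path.dirname(path)
        if path == top or parent == path:
            return True
        path = parent


def audit_jail(jail_root, top="/"):
    """List setuid/setgid regular files under jail_root that any host user can run.

    Run as root on the host: os.walk silently skips directories it cannot read.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(jail_root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks out of the jail
            if not (stat.S_ISREG(st.st_mode) and st.st_mode & SETID):
                continue
            # Exposed only if the file is world-executable AND every directory
            # above it can be traversed by an unprivileged host account.
            if st.st_mode & stat.S_IXOTH and world_searchable(dirpath, top):
                findings.append(full)
    return sorted(findings)


if __name__ == "__main__":
    # "/usr/jails/example" is a hypothetical jail root used as a default.
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/jails/example"
    for hit in audit_jail(root):
        print("setuid/setgid file executable from the host:", hit)
```

An empty result after the directory holding the jail roots is restricted to root (for example mode 0700) means host accounts can no longer traverse into the jail to run those files.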


