Date: Mon, 9 May 2011 10:49:47 -0400 From: Jason Hellenthal <jhell@DataIX.net> To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no> Cc: Jamie Landeg Jones <jamie@bishopston.net>, freebsd-security@freebsd.org, feld@feld.me, Edho P Arief <edhoprima@gmail.com>, utisoft@gmail.com Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur) Message-ID: <20110509144947.GB77054@DataIX.net> In-Reply-To: <86zkmwdpdl.fsf@ds4.des.no> References: <op.vu2g4b0k34t2sn@tech304> <BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw@mail.gmail.com> <201105072231.p47MVktY035491@catflap.bishopston.net> <BANLkTikgnqXB4pdvCd9j9n7pFvg=n5FrdQ@mail.gmail.com> <20110508075203.GA61754@DataIX.net> <BANLkTi=8by=rtbNUDtA8CRSMJsmgPOR2XA@mail.gmail.com> <20110508173931.GA2757@DataIX.net> <86fwoof8lj.fsf@ds4.des.no> <BANLkTi=-0=L0MmezOCa=tiv6DrwHYZ83AQ@mail.gmail.com> <86zkmwdpdl.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--0eh6TmSyL6TZE2Uz Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dag-Erling, On Mon, May 09, 2011 at 02:34:14PM +0200, Dag-Erling Sm=F8rgrav wrote: > Chris Rees <utisoft@gmail.com> writes: > > This is the point I'm making, I can't recommend in the docs that one > > chmods $D/.. because we (the docs writers) don't know what the user > > (the reader) is going to set $D to. >=20 > Ah, OK. But you could provide an example where $D is /var/jail, or > something along those lines. >=20 Do you know if there is a way that chmod on / from within the jail could=20 be prevented easily without breaking something ? Maybe not failing but=20 falling though and return 0 for any operation with the sole argument of /. --=20 Regards, (jhell) Jason Hellenthal --0eh6TmSyL6TZE2Uz Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) Comment: http://bit.ly/0x89D8547E iQEcBAEBAgAGBQJNx/8LAAoJEJBXh4mJ2FR+IicH+wYSZ/QFJRz0zlN3VcTUWwwC zerzHVtr2gwKFTtYiStSKJ2fH/N3vuDMNmU8AF9nvPLm1dwUo1DuWlo0B290FIQ7 5IGKDXSbXy7AGgWTFG2Mockp4X4fQ05nZRxXSMvIlk+HhD1BSA1s2KKWiV0FR/et rnsAMqTEcAt4cbZ4oh8MQsOdu6idhZJ0z3dXXKhfBW0H7Sf1CXiKztH3UrCvidpe oQHD8i03q5G7BmKVUMJsk7mjUJasm6aLFV/n1UckqAaE/XfHoGj7x4pW8wsQ1ORv cauwJ22uGOiB2CCF95w5ndAUj2dmbpuis+dxkVyYzxZD/tJ0mAt/cKs6oai77BY= =32va -----END PGP SIGNATURE----- --0eh6TmSyL6TZE2Uz--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110509144947.GB77054>