Date: Sat, 07 May 2011 23:31:46 +0100 From: Jamie Landeg Jones <jamie@bishopston.net> To: utisoft@gmail.com, feld@feld.me Cc: freebsd-security@freebsd.org Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails =?iso-8859-1?q?=28P=EF=BF=BDtur=29?= Message-ID: <201105072231.p47MVktY035491@catflap.bishopston.net> In-Reply-To: <BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw@mail.gmail.com> References: <4DC40E21.6040503@gmail.com> <4DC4102E.8000700@gmail.com> <op.vu2g4b0k34t2sn@tech304> <BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> All the same, I've sent a PR [1] with some doc patches to make people > more aware of this -- fulfilling my promise of 2+ years ago :S > > Thanks! > > Chris > > [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=156853 Um. Some problems here. A jail won't work for not-root users if the jail root directory is chmod 700 - although there is obviously a 'chroot' running withing the jail, the jailed user still needs to have read permission from the hosts / -- chmod 700 therefore locks all non-root users out. I would suggest you add to the docs about the UID clash problem - untrusted users on the host shouldn't have the same UID/GID as jailed users, as they will have access to their files. And of course, the bit mentioned earlier where an untrusted jail user with jail-root access should NEVER have access to the host!o Among other things, my password file in both jails and the host has this line: # 8000 to 9999 - Reserved for use within jails - do not use in main host! cheers, Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105072231.p47MVktY035491>