Date:      Mon, 09 May 2011 12:55:06 +0100
From:      Jamie Landeg Jones <jamie@bishopston.net>
To:        jamie@bishopston.net, edhoprima@gmail.com
Cc:        freebsd-security@freebsd.org, feld@feld.me, utisoft@gmail.com
Subject:   Re: Rooting FreeBSD , Privilege Escalation using Jails =?iso-8859-1?q?=28P=C3=AF=C2=BF=C2=BDtur=29?=
Message-ID:  <201105091155.p49Bt604053259@catflap.bishopston.net>
In-Reply-To: <BANLkTikgnqXB4pdvCd9j9n7pFvg=n5FrdQ@mail.gmail.com>
References:  <4DC40E21.6040503@gmail.com> <4DC4102E.8000700@gmail.com> <op.vu2g4b0k34t2sn@tech304> <BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw@mail.gmail.com> <201105072231.p47MVktY035491@catflap.bishopston.net> <BANLkTikgnqXB4pdvCd9j9n7pFvg=n5FrdQ@mail.gmail.com>

> > A jail won't work for non-root users if the jail root directory is chmod 700 - although
> > there is obviously a 'chroot' running within the jail, the jailed user still needs
> > to have read permission from the host's / -- chmod 700 therefore locks all non-root
> > users out.
> >
>
> It's weird - I don't remember having such problem after setting jails'
> root directory permission to 700. I don't have the system anymore so I
> can't verify it just yet.

I just tried it again (FreeBSD 8.2) and I am wrong.

Setting 700 on the jail root does indeed mess things up. But setting it on
the parent (e.g. /usr/jails) works fine.

Stupid of me, that makes perfect sense. The non-privileged user needs
read access to the jail's "/".

Sorry for the spam
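The permission rule worked out above (the jail root itself must stay readable and searchable by unprivileged users, while the parent directory such as /usr/jails can be 700 because lookups inside the jail start at the jail root) is easy to get wrong by hand. The following is an added pre-flight check, not code from this thread or from FreeBSD; it assumes only POSIX sh and ls(1), and the path /usr/jails/web in the usage line is a made-up example.

```shell
#!/bin/sh
# Added example: check that a jail root has the permissions an
# unprivileged user inside the jail needs on its "/". Not from the
# original mail; assumes POSIX sh plus ls(1) and cut(1).

# check_jail_root_perms JAILROOT
# Returns 0 if JAILROOT is readable and searchable by "other" (what a
# non-root jailed user needs on "/"), 1 if not, 2 on bad input.
# The parent directory's mode is reported for information only: path
# lookups inside the jail start at the jail root, so chmod 700 on the
# parent (e.g. /usr/jails) only hides the jail tree from unprivileged
# users on the host and does not break users inside the jail.
check_jail_root_perms() {
    jailroot=$1
    if [ ! -d "$jailroot" ]; then
        echo "check_jail_root_perms: not a directory: $jailroot" >&2
        return 2
    fi
    # ls -ld prints "drwxr-xr-x ..." on both BSD and GNU; columns 8-10
    # are the "other" bits (a 't' in column 10 means x plus sticky).
    others=$(ls -ld "$jailroot" | cut -c8-10)
    parent_others=$(ls -ld "$(dirname "$jailroot")" | cut -c8-10)
    case $others in
        r[-w]x|r[-w]t)
            echo "ok: $jailroot is '$others' for others (parent is '$parent_others'; 700 there is fine)"
            return 0 ;;
        *)
            echo "bad: $jailroot is '$others' for others; non-root users in the jail cannot read or search /" >&2
            return 1 ;;
    esac
}

# Run directly as: sh check_jail_root_perms.sh /usr/jails/web  (path is hypothetical)
if [ "$#" -gt 0 ]; then
    check_jail_root_perms "$@"
fi
```

The check deliberately inspects the mode bits rather than using `test -r`/`test -x`, because those succeed unconditionally when run as root on the host, which is exactly the situation in which the jail appears to work for root and silently fails for everyone else.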
