Date: Wed, 13 Aug 2003 21:04:06 -0400
From: mjoyner <mjoyner@rv1.dynip.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/55568: DUMP has access to block devices in a JAIL
Message-ID: <3F3AE006.3040400@rv1.dynip.com>
Resent-Message-ID: <200308140110.h7E1AJuu077239@freefall.freebsd.org>

>Number: 55568
>Category: kern
>Synopsis: DUMP can be used in JAIL
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 13 18:10:18 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: System Administrator
>Release: FreeBSD 5.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD eadmin.dyns.net 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Mon Aug 11 15:53:58 EDT 2003 sysadmin@eadmin.dyns.net:/usr/src/sys/i386/compile/kernel.build.conf i386

>Description:
A jailed root user can use DUMP and gain a snapshot of the entire disk.
From there the jailed root user can restore files from the HOST SYSTEM
or any other jails at their leisure.

Even if DEVFS is not mounted, a root user could possibly create a device
node anyways, and one needs TTYS anyways.

Some sort of check is not occurring in the disk access code that is
needed to prevent JAILED users ANY raw access to the disk.

>How-To-Repeat:
Run DUMP in a jailed environment.

>Fix:
Add security checks on device access to prevent jailed users from
gaining access to things they don't need access to.

If this is a setting which can be changed, the default behavior needs to
be more security conscious, or at least very very very clearly
documented.

>Release-Note:
>Audit-Trail:
>Unformatted:
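A host-side audit for the exposure described in this report, as an added example that is not part of the original message or of FreeBSD itself: it walks a jail's directory tree and flags device nodes that fall outside an allowlist. The allowlist, the function names and the sample entries are assumptions constructed for illustration.

```python
import os
import stat

# Assumption: device names a jail legitimately needs; adjust per site.
ALLOWED = ("null", "zero", "random", "urandom", "stdin", "stdout", "stderr")
ALLOWED_PREFIXES = ("tty", "pty", "fd/")

def is_unexpected_device(rel_path, mode):
    """True if rel_path (relative to the jail root) is a device node
    that the allowlist does not cover."""
    if not (stat.S_ISBLK(mode) or stat.S_ISCHR(mode)):
        return False
    if not rel_path.startswith("dev/"):
        return True  # a device node outside /dev was created by hand
    # Names under dev/ are only trustworthy when dev/ is a devfs mount.
    name = rel_path[len("dev/"):]
    return not (name in ALLOWED or name.startswith(ALLOWED_PREFIXES))

def audit_entries(entries):
    """entries: iterable of (path relative to jail root, st_mode)."""
    return sorted(p for p, mode in entries if is_unexpected_device(p, mode))

def scan_jail(jail_root):
    """Walk the whole jail tree from the host and return flagged paths."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(jail_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                mode = os.lstat(full).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            entries.append((os.path.relpath(full, jail_root), mode))
    return audit_entries(entries)

# Constructed sample: what a scan of a jail exposing a disk might collect.
SAMPLE = [
    ("dev/null", stat.S_IFCHR | 0o666),
    ("dev/ttyv0", stat.S_IFCHR | 0o600),
    ("dev/ad0s1a", stat.S_IFCHR | 0o640),  # disk slice visible in the jail
    ("tmp/disk", stat.S_IFBLK | 0o600),    # node created outside /dev
    ("etc/passwd", stat.S_IFREG | 0o644),
]

if __name__ == "__main__":
    for path in audit_entries(SAMPLE):
        print("unexpected device node:", path)
```

Run `scan_jail()` from the host against each jail's root directory; an empty list means no device node outside the allowlist was found.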