Date: Wed, 13 Aug 2003 21:04:06 -0400 From: mjoyner <mjoyner@rv1.dynip.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/55568: DUMP has access to block devices in a JAIL Message-ID: <3F3AE006.3040400@rv1.dynip.com> Resent-Message-ID: <200308140110.h7E1AJuu077239@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 55568
>Category: kern
>Synopsis: DUMP can be used in JAIL
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 13 18:10:18 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: System Administrator
>Release: FreeBSD 5.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD eadmin.dyns.net 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Mon
Aug 11 15:5
3:58 EDT 2003
sysadmin@eadmin.dyns.net:/usr/src/sys/i386/compile/kernel.build.conf
i386
>Description:
A jailed root user can use DUMP and gain a snapshot of the
entire disk.
From there the jailed root user can restore files from the HOST
SYSTEM
or any other jails at their leisure.
Even if DEVFS is not mounted, a root user could possibly create a
device node anyways, and one needs TTYS anyways.
Some sort of check is not occurring in the disk access code that
is needed to prevent JAILED users ANY raw access to the disk.
>How-To-Repeat:
Run DUMP in a jailed environment.
>Fix:
Add security checks on device access to prevent jailed users
from gaining access to things they don't need access to.
If this is a setting which can be changed, the default behavior
needs to be more security conscious, or at least very very very
clearly documented.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F3AE006.3040400>