From owner-freebsd-security Mon Jan 14 20: 3:48 2002
Date: Mon, 14 Jan 2002 23:03:25 -0500 (EST)
From: Robert Watson
To: "Ryan C. Creasey"
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: jail and NFS
In-Reply-To: <000001c19d2d$a5dae5c0$2801a8c0@office.p11.com>
Sender: owner-freebsd-security@FreeBSD.ORG

On Mon, 14 Jan 2002, Ryan C. Creasey wrote:

> But there are too many little instances that I seem to overlook. Does
> anyone know of a project (freshmeat?) out there that does this? Or am I
> just unusual for wanting users to believe they're not in a jail?

The problem is that it would be almost impossible to hide all evidence of
the user being in a jail, due to the way in which jail is implemented. If
you have root in the jail, you can trivially tell simply by attempting
certain privileged operations, which are limited in jail. In fact,
configuring a /dev such that it didn't look like a jail, in practice,
would leave you with a system that wasn't in jail :-). Hiding this
requires a great deal of virtualization, and is probably better suited to
VMware-like solutions.

Hiding the nature of the host environment, on the other hand, is
something that is much easier to do. It would probably be worth adding
another policy tweak sysctl to hide mount information, which is something
I've seen a number of requests for.
FreeBSD 5.0-CURRENT does a much better job of limiting information leak
into jail, btw, than 4.x-STABLE, due to a reworking of the inter-process
authorization.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services