From: Chad Leigh -- Shire.Net LLC
Date: Mon, 7 Mar 2005 13:48:26 -0700
To: Frank de Bot
cc: freebsd-questions@freebsd.org
Subject: Re: Jail security

On Mar 7, 2005, at 9:35 AM, Frank de Bot wrote:

> Jorn Argelo wrote:
>> On Mon, 07 Mar 2005 17:04:41 +0100, Frank de Bot wrote
>>> Hi,
>>>
>>> I've set up a jail. But I don't have any idea how safe a jail is.
>>> It is often said that chroot and jails can be escaped. How safe is it to
>>> give other people user access to a jailed environment? Or maybe even
>>> root...
>> A jailed process cannot leave its jail. Unless some exploit is being
>> found in jail itself, but that's rather unlikely. A cracker can only
>> mess up your jail and not your entire host. So if you build 4 jails for
>> Apache, MySQL, Squid and Postfix for instance, each of those processes
>> will only run in its jail and cannot interact with another jail or the
>> host. Which is more secure than just putting everything on your host.
>> Another major advantage of jails is that you can experiment at will
>> without touching your production environment. Just create a jail and
>> install apache in the other jail. Once you are finished and it works,
>> just amend your firewall settings and you're ready to go.
>> If you're experienced enough I'd encourage you to use them. It can be
>> complicated for a newbie, but if you know your way around FreeBSD and
>> the command line, you should really use jails.
>> Jorn.
>
> What if an exploit is found, then root should have the greatest chance
> to break out of the jail, or not?
> Should it be possible to assign root another UID in a jail (this is
> pretty unlikely I think), so IF it breaks out it will find himself
> working as a user at the host system :-P

I know it is not exhaustive, and other exploits for escaping chroot/jail may come up, but I have tried many of the common chroot ones and never had any luck escaping from a jail...

Look at it this way -- if you don't use them for protection, they are already on your machine :-) This is an insulating layer.

Chad
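
The one-jail-per-service layout from the quoted text (Apache, MySQL, Squid and Postfix), as an added example that is not part of the original thread. It assumes the jail.conf(5) format of later FreeBSD releases, which postdates this message; the jail names, paths, hostnames and 192.0.2.x addresses are constructed.

```conf
# /etc/jail.conf (constructed example; names, paths and addresses are assumptions)

# --- Defaults applied to every jail defined below ---
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;                       # do not leak the host's environment into the jail
mount.devfs;                      # give the jail its own /dev ...
devfs_ruleset = 4;                # ... restricted to the stock devfsrules_jail ruleset

path = "/usr/jails/${name}";      # separate filesystem tree per jail
host.hostname = "${name}.example.org";

# Limits on what root inside a jail may do. Several of these are already
# the defaults; they are spelled out so the policy is visible and so a
# later edit that loosens one stands out in review.
securelevel = 2;                  # a jail's securelevel can only be >= the host's
enforce_statfs = 2;               # jail sees only its own root mount point (default)
children.max = 0;                 # no nested jails (default)
allow.noraw_sockets;              # no raw sockets, so no crafted packets (default)
allow.nomount;                    # jailed root cannot mount filesystems (default)
allow.nochflags;                  # jailed root cannot clear file flags (default)
allow.noset_hostname;             # default is to allow; turned off here

# --- One jail per service, each bound to its own address ---
apache  { ip4.addr = 192.0.2.10; }
mysql   { ip4.addr = 192.0.2.11; }
squid   { ip4.addr = 192.0.2.12; }
postfix { ip4.addr = 192.0.2.13; }
```

Each jail can bind only to the address assigned to it, so traffic between the services still has to be permitted by the host firewall.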