Date: Tue, 10 May 2011 13:18:44 +0100 From: Jamie Landeg Jones <jamie@bishopston.net> To: jhell@DataIX.net, des@des.no Cc: jamie@bishopston.net, freebsd-security@freebsd.org, feld@feld.me, edhoprima@gmail.com, utisoft@gmail.com Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur) Message-ID: <201105101218.p4ACIio8033823@catflap.bishopston.net> In-Reply-To: <20110509144947.GB77054@DataIX.net> References: <op.vu2g4b0k34t2sn@tech304> <BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw@mail.gmail.com> <201105072231.p47MVktY035491@catflap.bishopston.net> <BANLkTikgnqXB4pdvCd9j9n7pFvg=n5FrdQ@mail.gmail.com> <20110508075203.GA61754@DataIX.net> <BANLkTi=8by=rtbNUDtA8CRSMJsmgPOR2XA@mail.gmail.com> <20110508173931.GA2757@DataIX.net> <86fwoof8lj.fsf@ds4.des.no> <BANLkTi=-0=L0MmezOCa=tiv6DrwHYZ83AQ@mail.gmail.com> <86zkmwdpdl.fsf@ds4.des.no> <20110509144947.GB77054@DataIX.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Do you know if there is a way that chmod on / from within the jail could > be prevented easily without breaking something ? Maybe not failing but > falling though and return 0 for any operation with the sole argument of /. Enforcing 700 on the jail root? Whilst I was wrong on chmod 700 on (say) /usr/jails it is still the case that the root directory of the jail itself (/usr/jail/jailname) has to be 755 for non-root processeses within the jail to access the filesystem! cheers, Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105101218.p4ACIio8033823>