Date: Thu, 15 Jan 2009 17:09:05 +0000 From: "Chris Rees" <utisoft@googlemail.com> To: freebsd-security@freebsd.org Subject: Thoughts on jail privilege (FAQ submission) Message-ID: <b79ecaef0901150909t54acd194t8236ded99fa2150b@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hey all, I think that there should be a warning (on the jail man page or handbook page perhaps), on setuid in jails. Ex: John <-- user on the (host) server I give John root access to a jail (just for him to play with), and he then sets vi (for example) to setuid root. He then sshs into the host, and uses $ /usr/jail/johnsandbox/usr/bin/vi /usr/local/etc/sudoers He now has root! Am I completely thick not to have noticed this, or should there be a warning about people being allowed to have root in a jail where they have unprivileged access to the host? Or have I missed the point of a jail? Regards Chris -- R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > (sendmail.cf)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b79ecaef0901150909t54acd194t8236ded99fa2150b>