From owner-freebsd-security@FreeBSD.ORG Tue May 10 15:17:49 2011
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 490AF1065673 for ; Tue, 10 May 2011 15:17:49 +0000 (UTC) (envelope-from db@db.net)
Received: from diana.db.net (diana.db.net [66.113.102.10]) by mx1.freebsd.org (Postfix) with ESMTP id 054638FC0A for ; Tue, 10 May 2011 15:17:48 +0000 (UTC)
Received: from night.db.net (localhost [127.0.0.1]) by diana.db.net (Postfix) with ESMTP id 170482282A; Tue, 10 May 2011 08:54:32 -0600 (MDT)
Received: by night.db.net (Postfix, from userid 1000) id 13C11709F; Tue, 10 May 2011 10:59:52 -0400 (EDT)
Date: Tue, 10 May 2011 10:59:52 -0400
From: Diane Bruce
To: Jason Hellenthal
Message-ID: <20110510145952.GA18253@night.db.net>
References: <4DC40E21.6040503@gmail.com> <4DC4102E.8000700@gmail.com> <201105072231.p47MVktY035491@catflap.bishopston.net> <201105091155.p49Bt604053259@catflap.bishopston.net> <20110510011249.GE2558@DataIX.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20110510011249.GE2558@DataIX.net>
User-Agent: Mutt/1.4.2.3i
Cc: Jamie Landeg Jones , freebsd-security@freebsd.org, feld@feld.me, edhoprima@gmail.com, utisoft@gmail.com
Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 10 May 2011 15:17:49 -0000

On Mon, May 09, 2011 at 09:12:49PM -0400, Jason Hellenthal wrote:
>
> Jamie, ...
> Tip: Quick way to lock your system down to only root: ( chmod g= / )
> ***Emergency Use Only**** "molly guard not present" "slippery when throbbed"
>
> Side effect of that is it's not really nice for processes
> that run with lower privileges and isn't always apparent why things are
> not working correctly so it's best to just use nologin or drop to SU.

It used to confuzzle sysadmins on SunOS when the mount point was 0700. The underlying mode disappeared when the mount was made, but it was still being enforced. Suddenly no one but root could use, say, /usr even though it was apparently 0755.

- Diane

--
- db@FreeBSD.org db@db.net http://www.db.net/~db
Why leave money to our children if we don't leave them the Earth?
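The "why can't this user get in?" question behind both the chmod g= / tip and the mount-point story, as an added example that is not from this thread: a small Python checker that walks every directory on a path and applies the standard owner/group/other search-bit rule for a given uid and set of gids (all helper names are the example's own). It only sees the mode the kernel currently shows, so a mount point's hidden underlying mode, as in the SunOS case, stays just as invisible to it as to stat(1).

```python
import os
import stat
import tempfile

def can_search(st: os.stat_result, uid: int, gids: set) -> bool:
    """Unix DAC rule for a directory's search (x) bit: the first matching class
    decides, so a member of the directory's group is judged by the group bits
    alone even when the 'other' bits would have let them through."""
    if uid == 0:
        return True  # root bypasses discretionary search checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def traversal_denials(path: str, uid: int, gids: set) -> list:
    """Directories on the way to `path` (itself included) that the identity
    cannot search. Only the mode the kernel shows now is consulted; a mount
    point's hidden underlying mode (the SunOS story) is invisible to stat(2)."""
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    denied = []
    for i in range(len(parts) + 1):
        current = os.path.join(os.sep, *parts[:i])
        st = os.stat(current)
        if stat.S_ISDIR(st.st_mode) and not can_search(st, uid, gids):
            denied.append(current)
    return denied

def demo_locked_directory() -> dict:
    """Constructed scenario: a fresh directory with its group bits cleared,
    as `chmod g=` does, probed as owner, group member, outsider and root."""
    d = tempfile.mkdtemp()
    try:
        os.chmod(d, 0o705)
        st = os.stat(d)
        stranger = st.st_uid + 1  # hypothetical uid that does not own d
        probe = lambda uid, gids: d not in traversal_denials(d, uid, gids)
        return {
            "owner": probe(st.st_uid, {st.st_gid}),
            "group_member": probe(stranger, {st.st_gid}),  # False: g= bites
            "other": probe(stranger, {st.st_gid + 1}),     # True: o=rx stays
            "root": probe(0, set()),
        }
    finally:
        os.rmdir(d)

if __name__ == "__main__":
    for who, ok in demo_locked_directory().items():
        print(f"{who:>12}: {'can search' if ok else 'denied'}")
```

Note the group_member result: clearing the group bits locks out exactly the users who are in the directory's group, while everyone else is still judged by the "other" bits.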