Date: Tue, 10 May 2011 10:59:52 -0400
From: Diane Bruce <db@db.net>
To: Jason Hellenthal <jhell@DataIX.net>
Cc: Jamie Landeg Jones <jamie@bishopston.net>, freebsd-security@freebsd.org, feld@feld.me, edhoprima@gmail.com, utisoft@gmail.com
Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
Message-ID: <20110510145952.GA18253@night.db.net>
In-Reply-To: <20110510011249.GE2558@DataIX.net>
References: <4DC40E21.6040503@gmail.com> <4DC4102E.8000700@gmail.com> <op.vu2g4b0k34t2sn@tech304> <BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw@mail.gmail.com> <201105072231.p47MVktY035491@catflap.bishopston.net> <BANLkTikgnqXB4pdvCd9j9n7pFvg=n5FrdQ@mail.gmail.com> <201105091155.p49Bt604053259@catflap.bishopston.net> <20110510011249.GE2558@DataIX.net>

On Mon, May 09, 2011 at 09:12:49PM -0400, Jason Hellenthal wrote:
>
> Jamie,
...
> Tip: Quick way to lock your system down to only root: ( chmod g= / )
> ***Emergency Use Only**** "molly guard not present" "slippery when throbbed"
>
> Side effect of that is it's not really nice for processes
> that run with lower privileges and isn't always apparent why things are
> not working correctly so it's best to just use nologin or drop to SU.

It used to confuzzle sysadmins on SunOS when the mount point was 0700.
The underlying mode disappeared when the mount was made, but it was still
being enforced. Suddenly no one but root could use, say, /usr even though
it was apparently 0755.

- Diane
-- 
- db@FreeBSD.org db@db.net http://www.db.net/~db
  Why leave money to our children if we don't leave them the Earth?