Date: Tue, 10 May 2011 17:41:53 +0100
From: Chris Rees
To: Jamie Landeg Jones
Cc: freebsd-security@freebsd.org, db@db.net
Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
Reply-To: utisoft@gmail.com

On 10 May 2011 16:10, "Jamie Landeg Jones" wrote:
>
> > It used to confuzzle sysadmins on SunOS when the mount point was
> > 0700. The underlying mode disappeared when the mount was made, but it
> > was still being enforced. Suddenly no one but root could use say /usr
> > even though it was apparently 0755
>
> I remember that happening! I thought it was like that on FreeBSD too,
> but if it was, it isn't any longer!
>
> I always make mount-points 0111 these days
>

Why not 0000? What sense does having -r+x make?

Chris