From owner-freebsd-questions@freebsd.org Fri Dec 11 05:32:49 2015
Subject: Re: best practice for locking down private jail?
From: "Michael B. Eichorn" <ike@michaeleichorn.com>
To: Aleksandr Miroslav, freebsd-questions@freebsd.org
Date: Fri, 11 Dec 2015 00:32:44 -0500
Message-ID: <1449811964.30424.61.camel@michaeleichorn.com>
References: <20151203073923.17dae0c41a2b5e29a5b3a3dd@sohara.org> <20151210144007.GA23555@fanty-a.tf.uni-kiel.de> <20151210150224.18d842126bf67bb0b07dcdf6@sohara.org>

On Thu, 2015-12-10 at 11:33 -0800, Aleksandr Miroslav wrote:
> On Thu, Dec 10, 2015 at 7:02 AM, Steve O'Hara-Smith wrote:
> > > I think the cron job isn't needed. Create a directory outside the
> > > jails and mount it as nullfs and 'rw' into the upload jail and 'ro'
> > > into the web server jail. We do this on a zfs basis.
> >
> > That works of course, but loses the opportunity to verify the files
> > before putting them online.
>
> Exactly. The situation I'm trying to avoid is where someone
> compromises the key and credentials of the uploader and is able to
> access the "upload" jail. If I sanitize the files before copying them
> to the "web" jail, just about the only thing they will be able to do
> is put up audio files of the form lecture-001.mp3, lecture-002.mp3,
> and so on.

Although if you want to be really paranoid have the cron script spin up
another jail to do the validations in and run an IDS against the jail
afterwards to make sure there were no tar/libmagic/whatever exploits in
the uploaded file. After all, if you really don't trust it don't run it
on the jailhost either.

I am sure we can get this really complicated if the whole list piles on.

[Read this whole thing as me being a smart-aleck, what you have done
already is better than most sysadmins would bother with, I just couldn't
resist.]
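An added example of the sanitizing cron step the thread describes (not code from the thread or from FreeBSD): a POSIX sh script that copies from the upload jail's directory to the web jail's only regular, non-symlink files named like lecture-NNN.mp3 whose leading bytes look like MP3 data, and rejects everything else. The directory paths and the file name pattern are assumptions; the magic check uses od(1) instead of file(1) so that no libmagic parser runs against untrusted input on the jail host, which is the exposure the reply above warns about.

```sh
#!/bin/sh
# Added example, not from the thread. Usage: publish.sh UPLOAD_DIR WEB_DIR
# where both directories are assumed nullfs mounts shared with the jails.

# Accept only bare names of the form lecture-NNN.mp3 (assumed pattern).
valid_name() {
    case "$1" in
        lecture-[0-9][0-9][0-9].mp3) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only files whose first bytes look like MP3 data: an ID3v2 tag
# ("ID3") or an MPEG audio frame sync (0xFF followed by 0xE0..0xFF).
# od(1) is used deliberately so no libmagic code parses the upload.
valid_magic() {
    hdr=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case "$hdr" in
        494433*) return 0 ;;   # "ID3"
        ff[ef]*) return 0 ;;   # frame sync
        *) return 1 ;;
    esac
}

# Copy acceptable entries from $1 to $2. Symlinks are refused so the web
# jail never serves whatever the uploader pointed one at.
# Returns the number of rejected entries.
publish_uploads() {
    src=$1; dst=$2; rejected=0
    for f in "$src"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # empty dir: literal glob
        name=${f##*/}
        if [ -f "$f" ] && [ ! -L "$f" ] && valid_name "$name" && valid_magic "$f"
        then
            cp -p "$f" "$dst/$name"
        else
            rejected=$((rejected + 1))
            echo "rejected: $name" >&2
        fi
    done
    return "$rejected"
}

if [ $# -eq 2 ]; then
    publish_uploads "$1" "$2"
fi
```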