Date:      Tue, 10 May 2011 10:49:10 -0700
From:      Bakul Shah <bakul@bitblocks.com>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        Jamie Landeg Jones <jamie@bishopston.net>, Jason Hellenthal <jhell@DataIX.net>, feld@feld.me, Edho P Arief <edhoprima@gmail.com>, freebsd-security@freebsd.org, Poul-Henning Kamp <phk@phk.freebsd.dk>, utisoft@gmail.com
Subject:   Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur) 
Message-ID:  <20110510174910.64E48B827@mail.bitblocks.com>
In-Reply-To: Your message of "Tue, 10 May 2011 19:24:28 +0200." <86k4dy31v7.fsf@ds4.des.no> 
References:  <20051.1305023864@critter.freebsd.dk> <86k4dy31v7.fsf@ds4.des.no>


On Tue, 10 May 2011 19:24:28 +0200 Dag-Erling Smørgrav <des@des.no> wrote:
> I vote no as well, but for a different reason: there are many other
> things the jailed root can do to the root directory, including flags,
> extended attributes, etc. (some of which are fs-dependent), and it would
> be difficult or impossible to identify all of them, not to mention those
> that aren't yet possible but will be in the future.  Fixing just one (or
> two, or five) of them today might give users a false sense of security,
> which is inexcusable when we can give a *true* sense of security by
> telling them to "chmod 0700 $D/..".

Dumb question: the jail command can refuse to run unless the
parent of a jail root is 0700. Would that work? No kernel hack
required.
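
The check proposed in this message, written out as an added example; it is not part of the original e-mail and not code from FreeBSD's jail(8). The function name `jail_parent_is_private` and the requirement in `main` that the parent be owned by uid 0 are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700	/* for realpath() */
#include <sys/stat.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not FreeBSD source): returns 0 when the parent of
 * jail_root is a directory whose mode is exactly 0700, else -1 with errno
 * set.  The owner check is an added assumption; pass (uid_t)-1 to skip it.
 */
int
jail_parent_is_private(const char *jail_root, uid_t owner)
{
	char path[PATH_MAX];
	struct stat sb;
	char *slash;

	/* Canonicalise first so symlinks or ".." cannot pick the parent. */
	if (realpath(jail_root, path) == NULL)
		return (-1);
	if (strcmp(path, "/") == 0) {		/* "/" has no parent to lock down */
		errno = EINVAL;
		return (-1);
	}
	slash = strrchr(path, '/');
	slash[slash == path ? 1 : 0] = '\0';	/* keep "/" when parent is root */
	if (stat(path, &sb) == -1)
		return (-1);
	/* Compare every permission bit, setuid/setgid/sticky included. */
	if (!S_ISDIR(sb.st_mode) || (sb.st_mode & 07777) != 0700 ||
	    (owner != (uid_t)-1 && sb.st_uid != owner)) {
		errno = EPERM;
		return (-1);
	}
	return (0);
}

int
main(int argc, char **argv)
{
	if (argc == 2 && jail_parent_is_private(argv[1], 0) == 0)
		return (0);
	fprintf(stderr, "refusing: parent of jail root must be root-owned 0700\n");
	return (1);
}
```

The check reflects the parent's state only at the moment it runs; the mode can still be changed after the jail has started.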


