From owner-freebsd-security@FreeBSD.ORG  Tue May 10 18:07:22 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A5979106564A
	for <freebsd-security@freebsd.org>;
	Tue, 10 May 2011 18:07:22 +0000 (UTC)
	(envelope-from bakul@bitblocks.com)
Received: from mail.bitblocks.com (ns1.bitblocks.com [173.228.5.8])
	by mx1.freebsd.org (Postfix) with ESMTP id 88EE88FC15
	for <freebsd-security@freebsd.org>;
	Tue, 10 May 2011 18:07:20 +0000 (UTC)
Received: from bitblocks.com (localhost [127.0.0.1])
	by mail.bitblocks.com (Postfix) with ESMTP id 64E48B827;
	Tue, 10 May 2011 10:49:10 -0700 (PDT)
To: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
In-reply-to: Your message of "Tue, 10 May 2011 19:24:28 +0200."
	<86k4dy31v7.fsf@ds4.des.no> 
References: <20051.1305023864@critter.freebsd.dk> <86k4dy31v7.fsf@ds4.des.no>
Comments: In-reply-to =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
	message dated "Tue, 10 May 2011 19:24:28 +0200."
Date: Tue, 10 May 2011 10:49:10 -0700
From: Bakul Shah <bakul@bitblocks.com>
Message-Id: <20110510174910.64E48B827@mail.bitblocks.com>
Cc: Jamie Landeg Jones <jamie@bishopston.net>,
	Jason Hellenthal <jhell@DataIX.net>, feld@feld.me,
	Edho P Arief <edhoprima@gmail.com>, freebsd-security@freebsd.org,
	Poul-Henning Kamp <phk@phk.freebsd.dk>, utisoft@gmail.com
Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur) 
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2011 18:07:22 -0000

On Tue, 10 May 2011 19:24:28 +0200 =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>  wrote:
> I vote no as well, but for a different reason: there are many other
> things the jailed root can do to the root directory, including flags,
> extended attributes, etc. (some of which are fs-dependent), and it would
> be difficult or impossible to identify all of them, not to mention those
> that aren't yet possible but will be in the future.  Fixing just one (or
> two, or five) of them today might give users a false sense of security,
> which is inexcusable when we can give a *true* sense of security by
> telling them to "chmod 0700 $D/..".

Dumb question: the jail command can refuse to run unless the
parent of a jail root is 0700. Would that work? No kernel hack
required.