Date: Sat, 17 Jan 2009 02:02:52 +0100
From: Jan Demter <jan-mailinglists@demter.de>
To: freebsd-security@freebsd.org
Subject: Re: Thoughts on jail privilege (FAQ submission)
Message-ID: <20AB93FA-080E-47D6-8075-B591A7DBCF38@demter.de>
In-Reply-To: <cc6847e40901151031w68a5156bsf99a9ac563ef9f01@mail.gmail.com>
References: <b79ecaef0901150909t54acd194t8236ded99fa2150b@mail.gmail.com> <cc6847e40901151031w68a5156bsf99a9ac563ef9f01@mail.gmail.com>
On 15.01.2009 at 19:31, Jon Passki wrote:

> Another thing to think about is user IDs. You could have a user ID
> in your host of 1001. Your jail could have a completely different user
> account, but collide on the user ID of 1001. Your host user ID 1001 will
> have access to those jail user ID 1001 files, unless you restrict a parent
> directory. That was the use case I came across and avoided.

I do not think restricting directories will help you a lot against these attacks. User 1001 on the host has access to all running processes of user 1001 in the jail and should be able to simply inject code to read the files via debugging interfaces.

As Snuggles said, best practice is to not allow access to the host to anyone. If you have to, you should avoid collisions of user IDs.

Greetings
Jan
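An added shell script, not from this thread or from FreeBSD itself, that audits for the collision Jon and Jan describe by listing numeric UIDs that appear in both the host's passwd file and a jail's passwd file; the file paths, the 1000 minimum UID and the sample entries are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: find UIDs shared between a host and a jail passwd file.
# A host account with the same numeric UID as a jail account reaches that
# jail account's processes and files, so shared UIDs are worth reporting.

# uid_collisions HOST_PASSWD JAIL_PASSWD [MIN_UID]
# Prints one line per colliding UID: "<uid> host=<name> jail=<name>".
# MIN_UID (assumed default 1000) hides the system accounts that every
# FreeBSD userland ships with and which are expected to match.
uid_collisions() {
    host="$1"; jail="$2"; min="${3:-1000}"
    awk -F: -v min="$min" '
        /^#/ || NF < 3 { next }               # skip comments and junk lines
        FNR == NR { hostname[$3] = $1; next } # first file: remember host UIDs
        ($3 in hostname) && $3 + 0 >= min {   # second file: report matches
            printf "%s host=%s jail=%s\n", $3, hostname[$3], $1
        }
    ' "$host" "$jail"
}

# Stand-alone demo on constructed passwd files (not real systems). With the
# default minimum only UID 1001 is reported; with MIN_UID=0 root shows too.
demo_collisions() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:*:0:0:Charlie:/root:/bin/sh' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/sh' \
        'bob:*:1002:1002:Bob:/home/bob:/bin/sh' > "$tmp/host.passwd"
    printf '%s\n' \
        'root:*:0:0:Charlie:/root:/bin/sh' \
        'www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin' \
        'mailer:*:1001:1001:Mail daemon:/var/mail:/bin/sh' \
        'carol:*:1003:1003:Carol:/home/carol:/bin/sh' > "$tmp/jail.passwd"
    uid_collisions "$tmp/host.passwd" "$tmp/jail.passwd" "$@"
    rm -rf "$tmp"
}

demo_collisions
```

On a real system point uid_collisions at /etc/passwd and at the jail root's etc/passwd; any line it prints is a UID that Jan's argument says directory permissions alone will not protect.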