From owner-freebsd-security@FreeBSD.ORG Sat Jan 17 01:15:28 2009
From: Jan Demter
To: freebsd-security@freebsd.org
Date: Sat, 17 Jan 2009 02:02:52 +0100
Subject: Re: Thoughts on jail privilege (FAQ submission)
Message-Id: <20AB93FA-080E-47D6-8075-B591A7DBCF38@demter.de>

On 15.01.2009 at 19:31, Jon Passki wrote:

> Another thing to think about is user IDs. You could have a user ID
> in your host of 1001. Your jail could have a completely different user
> account, but collide on the user ID of 1001. Your host user ID 1001 will
> have access to those jail user ID 1001 files, unless you restrict a parent
> directory. That was the use case I came across and avoided.
I do not think restricting directories will help you a lot against these attacks. User 1001 on the host has access to all running processes of user 1001 in the jail and should be able to simply inject code to read the files via debugging interfaces.

As Snuggles said, best practice is to not allow access to the host to anyone. If you have to, you should avoid collisions of user IDs.

Greetings
Jan
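A defender's check for the collision the thread describes, added here as an example and not taken from the thread: it lists every UID that appears in both a host passwd(5) file and a jail's passwd file, with the account name on each side, so that shared UIDs under different names stand out. The file paths and the sample accounts are constructed for the example; on a real system the inputs would be the host's /etc/passwd and the passwd file under the jail's root.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.
# Print "UID host_name jail_name" for every UID present in both passwd files.
# Any shared UID means the host account and the jail account are the same
# identity to the kernel: the host user can read the jail user's files and,
# as the reply notes, attach to the jail user's processes.
uid_collisions() {
    host_pw="$1"
    jail_pw="$2"
    awk -F: '
        NR == FNR { host[$3] = $1; next }        # first file: host name by UID
        ($3 in host) { print $3, host[$3], $1 }  # second file: UID also on host
    ' "$host_pw" "$jail_pw" | sort -n
}

# Constructed sample data in passwd(5) format (assumed paths, via mktemp).
HOST_PW=$(mktemp)
JAIL_PW=$(mktemp)
trap 'rm -f "$HOST_PW" "$JAIL_PW"' EXIT
cat > "$HOST_PW" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
EOF
cat > "$JAIL_PW" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
carol:*:1001:1001:Carol:/home/carol:/bin/sh
EOF

# Expected: "0 root root" and "1001 alice carol"; the second line is the
# different-name collision from the thread (host alice == jail carol).
uid_collisions "$HOST_PW" "$JAIL_PW"
```

UID 0 is reported as well, since root is shared by design; the lines worth acting on are those where the two names differ.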