Date: Tue, 10 May 2011 19:18:44 -0400 From: Jason Hellenthal <jhell@DataIX.net> To: Jamie Landeg Jones <jamie@bishopston.net> Cc: des@des.no, feld@feld.me, edhoprima@gmail.com, utisoft@gmail.com, freebsd-security@freebsd.org Subject: Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur) Message-ID: <20110510231843.GA67882@DataIX.net> In-Reply-To: <201105101218.p4ACIio8033823@catflap.bishopston.net> References: <201105072231.p47MVktY035491@catflap.bishopston.net> <BANLkTikgnqXB4pdvCd9j9n7pFvg=n5FrdQ@mail.gmail.com> <20110508075203.GA61754@DataIX.net> <BANLkTi=8by=rtbNUDtA8CRSMJsmgPOR2XA@mail.gmail.com> <20110508173931.GA2757@DataIX.net> <86fwoof8lj.fsf@ds4.des.no> <BANLkTi=-0=L0MmezOCa=tiv6DrwHYZ83AQ@mail.gmail.com> <86zkmwdpdl.fsf@ds4.des.no> <20110509144947.GB77054@DataIX.net> <201105101218.p4ACIio8033823@catflap.bishopston.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--M9NhX3UHpAaciwkO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Jamie, On Tue, May 10, 2011 at 01:18:44PM +0100, Jamie Landeg Jones wrote: >=20 > > Do you know if there is a way that chmod on / from within the jail coul= d=20 > > be prevented easily without breaking something ? Maybe not failing but= =20 > > falling though and return 0 for any operation with the sole argument of= /. >=20 > Enforcing 700 on the jail root? >=20 > Whilst I was wrong on chmod 700 on (say) /usr/jails it is still the case > that the root directory of the jail itself (/usr/jail/jailname) has to > be 755 for non-root processeses within the jail to access the filesystem! >=20 Sorry for the late reply on this. What I was thinking of is enforcing from within the jail that all system=20 calls to chmod(2), chflags(2), chown(2) and anything that can change the=20 directories access modes should be passed silently when the argument to=20 the command is operating on the root directory. --=20 Regards, (jhell) Jason Hellenthal --M9NhX3UHpAaciwkO Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) Comment: http://bit.ly/0x89D8547E iQEcBAEBAgAGBQJNycfTAAoJEJBXh4mJ2FR+0s4IAIXFxI7k819MBfSOAgvIxlgu HVXGlwGjB+EVDuPKiVGExlN0ezje+RUZWAkFfM/BGoTxAptY5Icz5bG4INHddyP5 ikoiqMSe68vEUKklmHQXs8tYI3Poj4u5ZpcuUcc3H4wL+QB+FQPtIAXXp4oEKHY0 3+0bMpQbFQ3QdeNVeA1sKdPId8uJYI4dT/tBVsrC1xJKlm3/nGmWZ+SCT6q7SEYI A+WImLiHa4l32E0mfEC7bbgmmg90Xg6Kg01stk3ZLBAHQzlcR8MMhnsGtQzJwztC NouVclKqxLIcSFFWvyDcymcYeVIdXgrUspEwXzzTj3sOVdxDvEd+lkQ50dN3y64= =upS1 -----END PGP SIGNATURE----- --M9NhX3UHpAaciwkO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110510231843.GA67882>