Date: Thu, 21 Apr 2005 08:23:46 -0400 (EDT) From: c0ldbyte <c0ldbyte@myrealbox.com> To: freebsd-hackers@freebsd.org Subject: Re: Configuration differences for jails Message-ID: <20050421081253.S51738@eleanor.us1.wmi.uvac.net> In-Reply-To: <20050421114359.GA10842@britannica.bec.de> References: <BAY2-F389017D4F55242220F49FFF22B0@phx.gbl> <20050420151104.GA11753@grummit.biaix.org> <20050421073009.G51738@eleanor.us1.wmi.uvac.net> <20050421114359.GA10842@britannica.bec.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 21 Apr 2005, Joerg Sonnenberger wrote: > On Thu, Apr 21, 2005 at 07:39:08AM -0400, c0ldbyte wrote: >> Now if that last question is correct and thats the proccess you are using >> to create a jail then depending on the situation wouldnt that inturn >> defeat some of the main purposes of the jail, like the following. If you >> mounted your "/bin" on "/mnt/jail/bin" then if a person that was looking >> to break in and effect the system that is currently locked in the "jail" >> all he would have to do is just write something to the "jail/bin" which is >> actualy your root "/bin" and then the next time a binary is used from your >> root directories it could still infect the rest of the system ultimately >> defeating the purpose of what you just set up. To my understanding and use >> a jail is somewhat totaly independent of the OS that it resides in and >> wont be if you are using nullfs to mount root binary directories on it. > > ro mount as written by grant parent protects against this. > > Joerg Right, I saw the (ro) option as you specified, but still there have been flaws in the sytem and forseen more flaws to come as allmost any programmer these days come accross and to just rely on it being (ro) just seems kind of not something that you should look to totaly to protect the system that the jail resides on. Even though in the unpredicted future a jail could be broken out of to such a instance I consider it to be a safer practice to just make installworld $DESTDIR && make distribution DESTDIR=$DESTJAIL -DNO_MAKEDEV_RUN and just delete stuff out of $DESTJAIL that you dont need for things to run properly and then there is never a instance or less of a chance that things will go wrong for you. As I said before depending on the use of the jail as well would also be a determination on how the jail is setup to but should never interact with the main system that holds the jail. Thats only my opinion though and just releaves thought about other security issues that deal with the main part of the system. -- ( When in doubt, use brute force. -- Ken Thompson 1998 )
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050421081253.S51738>