Date: Thu, 08 Oct 2009 16:06:08 +0400 From: Andrey Groshev <greenx@yartv.ru> To: remko@FreeBSD.org Cc: freebsd-bugs@FreeBSD.org Subject: Re: misc/139422: make the jail safe for the parent system Message-ID: <4ACDD5B0.5030205@yartv.ru> In-Reply-To: <200910081032.n98AWAZd011132@freefall.freebsd.org> References: <200910081032.n98AWAZd011132@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Even if it not the colleague, and I. I too can make an error, despite the fact that what I trust myself on hundred percent. Also it turns out that at a successful crack and reception root privileges in jail, it is possible to put out of action parent system at the following reboot. Since by default in jail it is started /etc/rc. remko@FreeBSD.org пишет: > Synopsis: make the jail safe for the parent system > > State-Changed-From-To: open->closed > State-Changed-By: remko > State-Changed-When: Thu Oct 8 10:32:10 UTC 2009 > State-Changed-Why: > Hello, I think I understand what you ar etrying to say here. But I think > that only trusted people should be allowed into a jail, as well as with > a regular server. You could give the user sudo access for specific tasks > so tht he cannot do everything as highly privileged user. Yes ofcourse > you might be able to get out of those things if you are creative. The > question is, where do we put the line. I think that in this case one > should know what he puts in rc.local, if this is a jail, and you use the > regular scripts, the 'jail' rc.d will not be used at all. Please discuss > this further on the questions list, and report to me in case this is > really a problem. Anyway; thanks for using FreeBSD! It's greatly > appreciated... > > http://www.freebsd.org/cgi/query-pr.cgi?pr=139422 >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ACDD5B0.5030205>