Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 08 Oct 2009 16:06:08 +0400
From:      Andrey Groshev <greenx@yartv.ru>
To:        remko@FreeBSD.org
Cc:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/139422: make the jail safe for the parent system
Message-ID:  <4ACDD5B0.5030205@yartv.ru>
In-Reply-To: <200910081032.n98AWAZd011132@freefall.freebsd.org>
References:  <200910081032.n98AWAZd011132@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Even if it not the colleague, and I.
I too can make an error, despite the fact that what I trust myself on 
hundred percent.
Also it turns out that at a successful crack and reception root 
privileges in jail, it is possible to put out of action parent system at 
the following reboot.
Since by default in jail it is started /etc/rc.


remko@FreeBSD.org пишет:
> Synopsis: make the jail safe for the parent system
>
> State-Changed-From-To: open->closed
> State-Changed-By: remko
> State-Changed-When: Thu Oct 8 10:32:10 UTC 2009
> State-Changed-Why: 
> Hello, I think I understand what you ar etrying to say here. But I think
> that only trusted people should be allowed into a jail, as well as with
> a regular server. You could give the user sudo access for specific tasks
> so tht he cannot do everything as highly privileged user. Yes ofcourse
> you might be able to get out of those things if you are creative. The
> question is, where do we put the line. I think that in this case one
> should know what he puts in rc.local, if this is a jail, and you use the
> regular scripts, the 'jail' rc.d will not be used at all. Please discuss
> this further on the questions list, and report to me in case this is
> really a problem. Anyway; thanks for using FreeBSD! It's greatly
> appreciated...
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=139422
>   




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ACDD5B0.5030205>