Date:      Fri, 06 May 2011 10:54:01 -0500
From:      "Mark Felder" <feld@feld.me>
To:        freebsd-security@freebsd.org
Subject:   Re: Rooting FreeBSD , Privilege Escalation using Jails (Pétur)
Message-ID:  <op.vu2g4b0k34t2sn@tech304>
In-Reply-To: <4DC4102E.8000700@gmail.com>
References:  <4DC40E21.6040503@gmail.com> <4DC4102E.8000700@gmail.com>

On Fri, 06 May 2011 10:13:50 -0500, Daniel Jacobsson  
<daniel.jacobsson.90@gmail.com> wrote:

> Can someone confirm if this bug/exploit works?

It's really not a bug or exploit... it's just the guy being crafty. It  
only makes sense: the jails access the same filesystem as the host. Put a  
file setuid in the jail and use your user on the host to execute that file  
and voila, you're now running that executable as root.

Your users should NEVER have access to the host of the jail.
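
A host-side audit for the condition described in this reply, as an added example that is not part of the original message: it reports jail roots that hold setuid files and can be traversed by unprivileged users on the host. The function names and example paths are hypothetical, and only the "other" execute bit is checked (group membership and ACLs are ignored).

```shell
#!/bin/sh
# Added example: host-side audit for the condition described in this message.
# Simplification (assumption): only the "other" execute bit is checked;
# group membership and ACLs are ignored. Function names are hypothetical.

# host_reachable JAILROOT [TOP]
# Succeeds if every directory from JAILROOT up to TOP (default /) has o+x,
# meaning an arbitrary unprivileged host user can traverse into the jail tree.
host_reachable() {
    dir=$1
    top=${2:-/}
    case $dir in /*) ;; *) echo "need absolute path: $dir" >&2; return 2 ;; esac
    while :; do
        # -prune tests only the directory itself; -perm -0001 means o+x is set
        [ -n "$(find -H "$dir" -prune -perm -0001 -print 2>/dev/null)" ] || return 1
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            return 0
        fi
        dir=$(dirname "$dir")
    done
}

# setuid_files JAILROOT: print every regular file with the setuid bit set.
setuid_files() {
    find "$1" -type f -perm -4000 -print 2>/dev/null || true
}

# audit_jail JAILROOT [TOP]
# Returns 1 (and reports) when setuid files inside the jail are reachable
# from the host by unprivileged users; returns 0 otherwise.
audit_jail() {
    root=$1
    files=$(setuid_files "$root")
    if [ -n "$files" ] && host_reachable "$root" "${2:-/}"; then
        echo "EXPOSED: $root is traversable by host users; setuid files:"
        echo "$files"
        return 1
    fi
    echo "ok: $root"
}

# Run as root on the host, e.g.: sh audit.sh /usr/jails/www (example path)
if [ "$#" -gt 0 ]; then
    status=0
    for j in "$@"; do audit_jail "$j" || status=1; done
    exit "$status"
fi
```
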
