Date:      Tue, 10 May 2011 10:37:44 +0000
From:      "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        Jamie Landeg Jones <jamie@bishopston.net>, Jason Hellenthal <jhell@DataIX.net>, feld@feld.me, Edho P Arief <edhoprima@gmail.com>, freebsd-security@freebsd.org, utisoft@gmail.com
Subject:   Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????tur) 
Message-ID:  <20051.1305023864@critter.freebsd.dk>
In-Reply-To: Your message of "Tue, 10 May 2011 12:28:28 +0200." <86zkmu26k3.fsf@ds4.des.no>

In message <86zkmu26k3.fsf@ds4.des.no>, Dag-Erling Smørgrav writes:
>Jason Hellenthal <jhell@DataIX.net> writes:
>> Do you know if there is a way that chmod on / from within the jail could
>> be prevented easily without breaking something? Maybe not failing but
>> falling through and return 0 for any operation with the sole argument of /.
>
>Not without adding explicit checks in the kernel.

I identified this issue back when I implemented jails and thought long
and hard about adding a kernel hack to paste over this.

My conclusion was that there was not enough justification for it,
based on the usage model envisioned then: virtual-machines-light.

Gettys' first rule says:

	1. Do not add new functionality unless an implementor
	   cannot complete a real application without it.

and I think we should stick to that before adding more or less
random pieces of magic to the kernel.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


