Date: Fri, 6 May 2011 21:55:33 +0100 From: Chris Rees <utisoft@gmail.com> To: Mark Felder <feld@feld.me> Cc: freebsd-security@freebsd.org Subject: =?iso-8859-1?q?Re=3A_Rooting_FreeBSD_=2C_Privilege_Escalation_us?= =?iso-8859-1?q?ing_Jails_=28P=E9tur=29?= Message-ID: <BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw@mail.gmail.com> In-Reply-To: <op.vu2g4b0k34t2sn@tech304> References: <4DC40E21.6040503@gmail.com> <4DC4102E.8000700@gmail.com> <op.vu2g4b0k34t2sn@tech304>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6 May 2011 16:54, Mark Felder <feld@feld.me> wrote: > On Fri, 06 May 2011 10:13:50 -0500, Daniel Jacobsson > <daniel.jacobsson.90@gmail.com> wrote: > >> Can someone confirm if this bugg/exploit works? > > It's really not a bug or exploit... it's just the guy being crafty. It only > makes sense: the jails access the same filesystem as the host. Put a file > setuid in the jail and use your user on the host to execute that file and > voila, you're now running that executable as root. > > Your users should NEVER have access to the host of the jail. All the same, I've sent a PR [1] with some doc patches to make people more aware of this -- fulfilling my promise of 2+ years ago :S Thanks! Chris [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=156853
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTikJgPt4SM_B_7drpgFvO8RkvXaOtw>