Date: Wed, 28 Dec 2011 15:39:43 -0500 (EST) From: Benjamin Kaduk <kaduk@MIT.EDU> To: Marin Atanasov Nikolov <dnaeon@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: Escaping from a jail with root privileges on the host Message-ID: <alpine.GSO.1.10.1112281537460.882@multics.mit.edu> In-Reply-To: <CAJ-UWtQnYWb8TUzk91Z%2BCxgfVsDM=WtBDrpP_V9pBnv7ar47Fw@mail.gmail.com> References: <CAJ-UWtQnYWb8TUzk91Z%2BCxgfVsDM=WtBDrpP_V9pBnv7ar47Fw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[minus -stable] On Wed, 28 Dec 2011, Marin Atanasov Nikolov wrote: > Hello, > > Today I've managed to escape from a jail by accident and ended up with > root access to the host's filesystem. > > Here's what I did: > > * Using ezjail for managing my jails > * Verified in FreeBSD 9.0-BETA3 and 9.0-RC3 > * This works only when I use sudo, and cannot reproduce if I execute > everything as root I cannot see how the use of sudo would be relevant -- the fundametal issue merely requires the vnode of the directory in question to be moved (not copied) past the jail's root vnode. Could you give a bit more detail about how you came to believe that sudo is necessary? -Ben Kaduk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.GSO.1.10.1112281537460.882>