Modified version of jexec allows non-root access into jails
Robert Watson
rwatson at FreeBSD.org
Sun Dec 31 07:07:10 PST 2006
On Sat, 30 Dec 2006, Colin Percival wrote:
> Bill Moran wrote:
>> You also describe a scenerio where a user can create a jail of his own
>> design and give himself root inside it, thus allowing him to use the setuid
>> trick to get root on the host as well. The place this falls down is that
>> the user would need to already have root to create the jail in the first
>> place.
>
> Not necessarily. An unprivileged user can create hard links to binaries he
> doesn't own, including suid binaries.
BTW, I understand that Solaris has now changed the default to be that users
cannot hard link files they don't own. We have a sysctl option for that -- if
this is now a widespread default, I wonder if we should be considering
switching the default?
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-hackers
mailing list