Rooting FreeBSD , Privilege Escalation using Jails (P�tur)
Jamie Landeg Jones
jamie at bishopston.net
Sat May 7 22:31:50 UTC 2011
> All the same, I've sent a PR [1] with some doc patches to make people
> more aware of this -- fulfilling my promise of 2+ years ago :S
>
> Thanks!
>
> Chris
>
> [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=156853
Um. Some problems here.
A jail won't work for not-root users if the jail root directory is chmod 700 - although
there is obviously a 'chroot' running withing the jail, the jailed user still needs
to have read permission from the hosts / -- chmod 700 therefore locks all non-root
users out.
I would suggest you add to the docs about the UID clash problem - untrusted users on the host
shouldn't have the same UID/GID as jailed users, as they will have access to their files.
And of course, the bit mentioned earlier where an untrusted jail user with jail-root access
should NEVER have access to the host!o
Among other things, my password file in both jails and the host has this line:
# 8000 to 9999 - Reserved for use within jails - do not use in main host!
cheers,
Jamie
More information about the freebsd-security
mailing list