Rooting FreeBSD , Privilege Escalation using Jails (Pétur)

Jason Hellenthal jhell at DataIX.net
Sun May 8 07:52:10 UTC 2011


Edho,

On Sun, May 08, 2011 at 09:15:28AM +0700, Edho P Arief wrote:
> On Sun, May 8, 2011 at 5:31 AM, Jamie Landeg Jones <jamie at bishopston.net> wrote:
> >> All the same, I've sent a PR [1] with some doc patches to make people
> >> more aware of this -- fulfilling my promise of 2+ years ago :S
> >>
> >> Thanks!
> >>
> >> Chris
> >>
> >> [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=156853
> >
> > Um. Some problems here.
> >
> > A jail won't work for not-root users if the jail root directory is chmod 700 - although
> > there is obviously a 'chroot' running within the jail, the jailed user still needs
> > to have read permission from the hosts / -- chmod 700 therefore locks all non-root
> > users out.
> >
> 
> It's weird - I don't remember having such problem after setting jails'
> root directory permission to 700. I don't have the system anymore so I
> can't verify it just yet.

It should also be noted here that the jailed root user also has permission 
to chmod(1) '/' to anything he or she wants unless you have taken 
precaution to not allow that. I would recommend storing your jails two 
levels deep into a directory and chmod(1) 700 the first level to prevent 
access from the host and from the jailed root user changing the perms.

-- 

 Regards, (jhell)
 Jason Hellenthal
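
A check for the two-level layout recommended in the message above, added here as an example and not part of the original post. The helper names (mode_of, owner_of, audit_jail) are hypothetical and the directory tree is constructed in a temporary directory; on a real host the expected owner would be uid 0.

```shell
#!/bin/sh
# Added example: audit the "two levels deep, first level chmod 700" jail layout.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the numeric owner uid of a path.
owner_of() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# audit_jail JAILROOT [EXPECTED_UID]
# Returns 0 when the directory directly above JAILROOT (the guard level, which
# lies outside the jail) is mode 700 and owned by EXPECTED_UID (default 0).
audit_jail() {
    guard=$(dirname "$1")
    want_uid=${2:-0}
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 2; }
    gmode=$(mode_of "$guard")
    guid=$(owner_of "$guard")
    if [ "$gmode" != "700" ]; then
        echo "FAIL $1: guard $guard is mode $gmode, expected 700"; return 1
    fi
    if [ "$guid" != "$want_uid" ]; then
        echo "FAIL $1: guard $guard owned by uid $guid, expected $want_uid"; return 1
    fi
    echo "OK   $1: guard $guard is 700 (jail root itself is mode $(mode_of "$1"))"
}

# Constructed demo layout; the current uid stands in for root.
demo=$(mktemp -d)
mkdir -p "$demo/guarded/www" "$demo/open/www"
chmod 700 "$demo/guarded"        # first level locked down on the host
chmod 755 "$demo/open"           # first level left traversable
chmod 777 "$demo/guarded/www"    # simulate jailed root loosening its own '/'
audit_jail "$demo/guarded/www" "$(id -u)"
audit_jail "$demo/open/www" "$(id -u)" || true
rm -rf "$demo"
```

The first call passes even though the jail root itself is mode 777, because the guard directory is the one the jailed root cannot reach.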
