Rooting FreeBSD , Privilege Escalation using Jails (Pétur)

Edho P Arief edhoprima at gmail.com
Sun May 8 07:56:16 UTC 2011


On Sun, May 8, 2011 at 2:52 PM, Jason Hellenthal <jhell at dataix.net> wrote:
>
> Edho,
>
> It should also be noted here that the jailed root user also has permission
> to chmod(1) '/' to anything he or she wants unless you have taken
> precaution to not allow that. I would recommend storing your jails two
> levels deep into a directory and chmod(1) 700 the first level to prevent
> access from the host and from the jailed root user changing the perms.
>

I indeed changed the permission above the jail's root. I usually make
it like this:

/jails/jailname/root

and I set 700 on /jails/jailname. It's been a long time but as I said
before I don't remember encountering a permission problem in the jail.
Or perhaps I remembered it wrong.
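
The following is an added example, not part of the original message: a host-side audit of the layout discussed above (`/jails/jailname/root` with mode 700 on `/jails/jailname`). The function names are hypothetical, and the script assumes every jail root is a directory named `root` one level below its wrapper directory.

```shell
#!/bin/sh
# Audit the two-level jail layout: <base>/<jailname>/root, where
# <base>/<jailname> is mode 700. The jailed root user can chmod its own
# '/' (the .../root directory), but the wrapper directory is outside the
# jail, so its mode is what keeps unprivileged host users out.

# Print the nine permission characters of a path, e.g. "rwx------".
# ls -ld is parsed instead of stat(1) because stat's flags differ
# between FreeBSD and Linux.
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Return 0 when the directory holding the jail root is exactly mode 700.
jail_parent_is_closed() {
    parent=$(dirname "$1")
    [ "$(perm_string "$parent")" = "rwx------" ]
}

# Check every <base>/*/root. Prints one line per jail and returns 0 only
# when all wrapper directories are mode 700.
audit_jails() {
    base=$1
    bad=0
    for root in "$base"/*/root; do
        [ -d "$root" ] || continue
        if jail_parent_is_closed "$root"; then
            echo "ok    $root"
        else
            echo "OPEN  $root (wrapper is $(perm_string "$(dirname "$root")"))"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Usage on the host (path taken from the message above):
#   audit_jails /jails
```

The check deliberately ignores the mode of the `root` directory itself, since that is the part the jailed root user is able to change.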

