Rooting FreeBSD, Privilege Escalation using Jails (Pétur)

Jamie Landeg Jones jamie at bishopston.net
Mon May 9 19:28:59 UTC 2011


> > A jail won't work for non-root users if the jail root directory is chmod 700 - although
> > there is obviously a 'chroot' running within the jail, the jailed user still needs
> > to have read permission from the host's / -- chmod 700 therefore locks all non-root
> > users out.
> >
>
> It's weird - I don't remember having such problem after setting jails'
> root directory permission to 700. I don't have the system anymore so I
> can't verify it just yet.

I just tried it again (FreeBSD 8.2) and I am wrong.

Setting 700 on the jail root does indeed mess things up. But set it on
the parent (e.g. /usr/jails), and things are fine.

Stupid of me, that makes perfect sense. The non-privileged user needs
read access to the jail's "/".

Sorry for the spam
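
The layout described in the message above (mode 700 on the parent such as /usr/jails, jail roots still readable by non-root users), as an added audit sketch that is not part of the original post. The function names are hypothetical; the check also requires search (x) permission on the jail root, since a directory cannot be traversed without it.

```shell
#!/bin/sh
# Added example: audit directory modes for a jail layout.
# Modes are read from `ls -ld` so the script works on FreeBSD and Linux alike.

# perm_string DIR -> the nine permission characters, e.g. rwx------
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# check_jail_root DIR -> "ok" if others have r and x on the jail's "/",
# "locked" if non-root users inside the jail would be shut out.
check_jail_root() {
    p=$(perm_string "$1") || return 2
    case "$(printf '%s' "$p" | cut -c7-9)" in
        r?[xt]) echo ok ;;      # t = sticky bit with execute set
        *)      echo locked ;;
    esac
}

# check_parent DIR -> "closed" if group and others have no access at all
# (e.g. mode 700), "open" otherwise.
check_parent() {
    p=$(perm_string "$1") || return 2
    case "$(printf '%s' "$p" | cut -c4-9)" in
        ------) echo closed ;;
        *)      echo open ;;
    esac
}

# audit_jails PARENT -> one line for the parent, then one per jail root.
audit_jails() {
    parent=$1
    echo "parent $(check_parent "$parent")"
    for d in "$parent"/*/; do
        d=${d%/}
        if [ ! -d "$d" ] || [ -L "$d" ]; then continue; fi
        echo "${d##*/} $(check_jail_root "$d")"
    done
}

# Run an audit when a directory is given, e.g.: sh audit.sh /usr/jails
if [ -n "${1:-}" ]; then audit_jails "$1"; fi
```
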

