Rooting FreeBSD, Privilege Escalation using Jails (Pétur)

Jason Hellenthal jhell at DataIX.net
Tue May 10 01:12:55 UTC 2011


Jamie,

On Mon, May 09, 2011 at 12:55:06PM +0100, Jamie Landeg Jones wrote:
> > > A jail won't work for not-root users if the jail root directory is chmod 700 - although
> > > there is obviously a 'chroot' running within the jail, the jailed user still needs
> > > to have read permission from the hosts / -- chmod 700 therefore locks all non-root
> > > users out.
> > >
> >
> > It's weird - I don't remember having such problem after setting jails'
> > root directory permission to 700. I don't have the system anymore so I
> > can't verify it just yet.
> 
> I just tried it again (FreeBSD 8.2) and I am wrong.
> 
> Setting 700 on the jail root does indeed mess things up. But setting it on
> the parent (e.g. /usr/jails), and things are fine.
> 
> Stupid of me, that makes perfect sense. The non-privileged user needs
> read access to the jail's "/"
> 
> Sorry for the spam

In no way is it spam. Consider it a 'test'imonial to others that may ask
that question in the future ;)

Tip: Quick way to lock your system down to only root: ( chmod g= / ) 
***Emergency Use Only**** "molly guard not present" "slippery when throbbed"

Side effect of that is it's not really nice for processes
that run with lower privileges and it isn't always apparent why things are
not working correctly so it's best to just use nologin or drop to SU.

-- 

 Regards, (jhell)
 Jason Hellenthal
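
Added example, not part of the original message: a small sh audit of the layout the thread settles on (mode 700 on the parent such as /usr/jails, read and search access left on each jail's own root). The function names are hypothetical, and it assumes every direct subdirectory of the parent is one jail root owned by root, so unprivileged jailed users fall under the "other" permission bits.

```shell
#!/bin/sh
# Added example: audit the jail directory permissions discussed in the thread.
# Assumption: each direct subdirectory of the parent is one jail's root,
# owned by root, so non-root jailed users are matched by the "other" bits.

# Succeeds when the parent directory (e.g. /usr/jails) is exactly mode 0700.
parent_is_locked() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm 0700)" ]
}

# Prints jail roots where "other" lacks read+search (r-x); non-root users
# inside such a jail cannot use its "/".
locked_out_jail_roots() {
    find "$1" -mindepth 1 -maxdepth 1 -type d ! -perm -0005
}

# Reports both conditions; returns non-zero if either check fails.
audit_jails() {
    parent=$1
    status=0
    if ! parent_is_locked "$parent"; then
        echo "WARN: $parent is not mode 0700"
        status=1
    fi
    bad=$(locked_out_jail_roots "$parent")
    if [ -n "$bad" ]; then
        echo "WARN: jail roots without o+rx (non-root jailed users locked out):"
        echo "$bad"
        status=1
    fi
    return $status
}

# Run as root against the real parent, e.g.: sh audit_jails.sh /usr/jails
if [ $# -gt 0 ]; then
    audit_jails "$1"
fi
```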
