Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
Poul-Henning Kamp
phk at phk.freebsd.dk
Tue May 10 10:57:04 UTC 2011
In message <86zkmu26k3.fsf at ds4.des.no>, =?utf-8?Q?Dag-Erling_Smørgrav?= wr
ites:
>Jason Hellenthal <jhell at DataIX.net> writes:
>> Do you know if there is a way that chmod on / from within the jail could
>
>> be prevented easily without breaking something ? Maybe not failing but
>> falling though and return 0 for any operation with the sole argument of /.
>
>Not without adding explicit checks in the kernel.
I identified this issue back when I implemented jails and though long
and hard about adding a kernel hack to paste over this.
My conclusion was that there were not enough justification for it,
based on the usage model envisioned then: virtual-machines-light.
Gettys first rule says:
1. Do not add new functionality unless an implementor
cannot complete a real application without it.
and I think we should stick to that before adding more or less
random pieces of magic to the kernel.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list