Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
Dag-Erling Smørgrav
des at des.no
Tue May 10 17:24:30 UTC 2011
"Poul-Henning Kamp" <phk at phk.freebsd.dk> writes:
> "Dag-Erling Smørgrav" <des at des.no> writes:
> >Jason Hellenthal <jhell at DataIX.net> writes:
> > > Do you know if there is a way that chmod on / from within the jail could
> > > be prevented easily without breaking something ? Maybe not failing but
> > > falling though and return 0 for any operation with the sole argument of /.
> > Not without adding explicit checks in the kernel.
> I identified this issue back when I implemented jails and though long
> and hard about adding a kernel hack to paste over this. [...] I
> think we should stick to [Getty's rule] before adding more or less
> random pieces of magic to the kernel.
I vote no as well, but for a different reason: there are many other
things the jailed root can do to the root directory, including flags,
extended attributes, etc. (some of which are fs-dependent), and it would
be difficult or impossible to identify all of them, not to mention those
that aren't yet possible but will be in the future. Fixing just one (or
two, or five) of them today might give users a false sense of security,
which is inexcusable when we can give a *true* sense of security by
telling them to "chmod 0700 $D/..".
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list