Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)

Jilles Tjoelker jilles at stack.nl
Tue May 10 19:09:58 UTC 2011


On Tue, May 10, 2011 at 04:08:56PM +0100, Jamie Landeg Jones wrote:
> > It used to confuzzle sysadmins on SUNos when the mount point was
> > 0700.  The underlying mode disapeared when the mount was made, but it
> > was still being enforced. Suddenly no one but root could use say /usr
> > even though it was apparently 0755

> I remember that happening! I thought it was like that on FreeBSD too,
> but if it was, it isn't any longer!

It is still required for .. to work.

For example, if the /usr directory on / is 700 but the directory on the
mounted filesystem is 755, everyone can use pathnames under /usr but only
root can use /usr/.. which is confusing and undesirable.

> I always make mount-points 0111 these days

I'd recommend to keep doing that :)

-- 
Jilles Tjoelker


More information about the freebsd-security mailing list