Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
William Palfreman
william at palfreman.com
Tue May 10 21:01:27 UTC 2011
On 10 May 2011 19:49, Bakul Shah <bakul at bitblocks.com> wrote:
> Dumb question: the jail command can refuse to run unless the
> parent of a jail root is 0700. Would that work? No kernel hack
> required.
If you do that then you can't us the jail with a non-root jailed user,
and I never want to give what is running in a jail anything more than
very unprivileged access.
All I do is this:
/var - as normal
/var/jails - 0700
/var/jails/jail1 - 0755
/var/jails/jail2 - 0755
etc.
If an unprivialged user outside the jail was also root inside the
jail, he wouldn't be able to get into the /var/jails directory to do
any suid rooting.
More information about the freebsd-security
mailing list