Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)

William Palfreman william at palfreman.com
Tue May 10 21:01:27 UTC 2011


On 10 May 2011 19:49, Bakul Shah <bakul at bitblocks.com> wrote:
> Dumb question: the jail command can refuse to run unless the
> parent of a jail root is 0700. Would that work? No kernel hack
> required.

If you do that then you can't us the jail with a non-root jailed user,
and I never want to give what is running in a jail anything more than
very unprivileged access.

All I do is this:
/var - as normal
/var/jails - 0700
/var/jails/jail1 - 0755
/var/jails/jail2 - 0755
etc.

If an unprivialged user outside the jail was also root inside the
jail, he wouldn't be able to get into the /var/jails directory to do
any suid rooting.


More information about the freebsd-security mailing list