Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
Jason Hellenthal
jhell at DataIX.net
Tue May 10 23:18:52 UTC 2011
Jamie,
On Tue, May 10, 2011 at 01:18:44PM +0100, Jamie Landeg Jones wrote:
>
> > Do you know if there is a way that chmod on / from within the jail could
> > be prevented easily without breaking something ? Maybe not failing but
> > falling though and return 0 for any operation with the sole argument of /.
>
> Enforcing 700 on the jail root?
>
> Whilst I was wrong on chmod 700 on (say) /usr/jails it is still the case
> that the root directory of the jail itself (/usr/jail/jailname) has to
> be 755 for non-root processeses within the jail to access the filesystem!
>
Sorry for the late reply on this.
What I was thinking of is enforcing from within the jail that all system
calls to chmod(2), chflags(2), chown(2) and anything that can change the
directories access modes should be passed silently when the argument to
the command is operating on the root directory.
--
Regards, (jhell)
Jason Hellenthal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 522 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20110510/42d51805/attachment.pgp
More information about the freebsd-security
mailing list