Rooting FreeBSD , Privilege Escalation using Jails (P??????tur)
Bakul Shah
bakul at bitblocks.com
Wed May 11 06:21:52 UTC 2011
On Wed, 11 May 2011 05:28:16 -0000 Janne Snabb <snabb at epipe.com> wrote:
> On Tue, 10 May 2011, Bakul Shah wrote:
>
> > Dumb question: the jail command can refuse to run unless the
> > parent of a jail root is 0700. Would that work? No kernel hack
> > required.
>
> I do not think that this should be enforced in kernel, in the jail(8)
> command nor anywhere else. UNIX rm(1) is not opening a pop-up window
> asking "are you sure?" if you do "rm -rf /". The OS should not
> impose arbitrary restrictions based on some random assumptions on
> how a particular OS facility is going to be used.
...
> This should go in to the documentation as a recommendation for some
> common jail use cases, but seriously, really not in the code, please.
>
> In UNIX we do not want to prevent people from shooting themselves
> in the foot. We should assume that the system administrator knows
> what they want and should not restrict their freedom to do so.
I agree that people should not be prevented from shooting
themselves in the foot but I do suggest that "accidental"
footshooting can be prevented by leaving the gun safey on.
Force them to take some explicit action for footshooting!
So let me modify my dumb suggestion: allow running a jail if
either the jail's parent dir has mode 0700 or the user
specified -f flag (analogous to rm -f). [You may still not
like it, but so it goes!]
More information about the freebsd-security
mailing list