Date: Sat, 30 Dec 2006 20:59:47 -0800 From: Colin Percival <cperciva@freebsd.org> To: Bill Moran <wmoran@collaborativefusion.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Modified version of jexec allows non-root access into jails Message-ID: <459743C3.90801@freebsd.org> In-Reply-To: <20061229090146.d2bc2b1c.wmoran@collaborativefusion.com> References: <20061229120030.3DCE316A530@hub.freebsd.org> <45950CFD.5020506@freebsd.org> <20061229090146.d2bc2b1c.wmoran@collaborativefusion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bill Moran wrote: > You also describe a scenerio where a user can create a jail of his own > design and give himself root inside it, thus allowing him to use the > setuid trick to get root on the host as well. The place this falls down > is that the user would need to already have root to create the jail in the > first place. Not necessarily. An unprivileged user can create hard links to binaries he doesn't own, including suid binaries. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?459743C3.90801>