Date: Wed, 05 Mar 2014 17:28:37 -0700
From: James Gritton <jamie@freebsd.org>
To: d@delphij.net, Nicola Galante <galante@veritas.sao.arizona.edu>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, "secteam@FreeBSD.org" <secteam@FreeBSD.org>
Subject: Re: misc/187307: Security vulnerability with FreeBSD Jail
Message-ID: <5317C135.6060404@freebsd.org>
In-Reply-To: <5317B597.5050900@delphij.net>
References: <201403052307.s25N7NoD045308@cgiserv.freebsd.org> <5317B597.5050900@delphij.net>
On 3/5/2014 4:39 PM, Xin Li wrote:
> This is NOT a problem with jail. For starters, it's a very bad idea to
> give out a host shell account, privileged or not, to jail users if they
> are not trusted. Let's consider this scenario:
>
> jail$ su -l
> jail# cp /usr/bin/less /bin/root_shell
> jail# chown root:wheel /bin/root_shell
> jail# chmod 6555 /bin/root_shell
> jail# logout
> jail$ logout
>
> Then, you basically have a setuid binary that can be reached from the host
> system. As an attacker I would do:
>
> host$ /path/to/jail/bin/root_shell

That's an important point: jails are good for their *own* security, but they make the base system insecure for allowing untrusted users. I can see user accounts for the admin's own use (likely the condition that was originally reported), but that's the only account I would consider allowing.

- Jamie
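The host-side counterpart to the scenario above is an audit of each jail's tree for setuid/setgid files that were not there when the jail was installed. The script below is an added example, not code from the thread or from FreeBSD; the jail root path and the baseline file (one expected setuid path per line, recorded from a fresh jail) are assumptions supplied by whoever runs it.

```shell
#!/bin/sh
# Audit a jail's filesystem from the host for setuid/setgid files that are
# not on an expected list.  Added example; not from the thread.  The jail
# root and the baseline file are supplied by the caller (assumptions).

# Print every setuid/setgid regular file below jail root $1 as a path
# relative to that root (with a leading "/"), one per line.  -xdev keeps
# the walk on the jail's own filesystem, so devfs or nullfs trees mounted
# inside the jail are not traversed.
list_setuid_files() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed "s|^$root||" | sort
}

# Print the setuid/setgid files below jail root $1 that are absent from
# the baseline file $2 (one expected path per line, e.g. /usr/bin/su).
# Returns 0 when nothing unexpected is present, 1 when something is,
# 2 when the jail root is not a directory.
unexpected_setuid_files() {
    root=${1%/} baseline=$2
    found=$(list_setuid_files "$root") || return 2
    [ -n "$found" ] || return 0
    # grep -v exits 1 when every found path is in the baseline; that is
    # the clean case, so do not let it abort the function.
    extra=$(printf '%s\n' "$found" | grep -vxF -f "$baseline") || true
    [ -n "$extra" ] || return 0
    printf '%s\n' "$extra"
    return 1
}

# Typical invocation from the host (paths are placeholders):
#   unexpected_setuid_files /path/to/jail /etc/jail-setuid.baseline
```

Run it as root on the host so that every file in the jail tree is readable; a non-empty report for a jail whose users are not fully trusted is exactly the condition the thread describes.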