From owner-freebsd-questions@FreeBSD.ORG Sat Dec 13 20:05:08 2014
To: freebsd-questions@freebsd.org
Subject: Re: freebsd 10.1-RELEASE: jail security errors - GID 0 not dropped completely
Date: Sat, 13 Dec 2014 12:59:33 -0700
From: James Gritton
In-Reply-To: <042a01d011bd$e4cb1530$ae613f90$@mgedv.net>
References: <042a01d011bd$e4cb1530$ae613f90$@mgedv.net>
Message-ID: <5f292bdb8f6779ab8868d51d8dbce7c3@gritton.org>

On 2014-12-06 18:34, no@spam@mgEDV.net wrote:
> hi guys,
>
> as the "real" application faces the same
> problems, i created a test
> jail on a clean box just to check the behaviour using "/usr/bin/id".
>
> problem description (hopefully i nailed it):
> if a jailed process needs any .so for startup, the path to those *.so
> needs to be world r-x, although the GID of the jail execute user
> is allowed to r/x the dirs, where the *.so files are to be found.
> there could be (ordering) errors with SET(e)GID in jail_* functions,
> because it works as expected when prefixing with "chroot -g test /".
> the EGID is dropped to the jail user's gid, but the GID is still 0!
> we end up with a jailed proc (UID=999, GID=0), which of course is
> not allowed to access the dirs for the *.so's to be loaded by exec.
> [see end of message for setup details]

There does indeed seem to be a missing setgid() in jail (compared to jexec,
which gets it right). Could you please file a bug report on this? Then
I'll get it fixed up.

- Jamie
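Added example, not part of the original message and not the jail(8) or jexec(8) source: a root-to-user drop that sets groups before the UID and then checks that no real or effective ID was left behind, which is the condition reported in this thread. The names `struct ids`, `leftover_ids` and `drop_to` are hypothetical, and the jail user's GID is assumed to be 999.

```c
#define _DEFAULT_SOURCE          /* setgroups() prototype on glibc */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Real and effective IDs of a process, as reported by
 * getuid()/geteuid()/getgid()/getegid(). */
struct ids { uid_t ruid, euid; gid_t rgid, egid; };

enum { LEFT_RUID = 1, LEFT_EUID = 2, LEFT_RGID = 4, LEFT_EGID = 8 };

/* Return 0 if every ID matches the target user, else a mask of the
 * IDs that were not dropped. */
int leftover_ids(const struct ids *c, uid_t uid, gid_t gid)
{
    int mask = 0;
    if (c->ruid != uid) mask |= LEFT_RUID;
    if (c->euid != uid) mask |= LEFT_EUID;
    if (c->rgid != gid) mask |= LEFT_RGID;
    if (c->egid != gid) mask |= LEFT_EGID;
    return mask;
}

/* Drop from root to uid:gid. Groups go first: once setuid() succeeds the
 * process may no longer change them. Called as root, setgid() and setuid()
 * replace the real, effective and saved IDs together.
 * Returns 0 on a complete drop, -1 if a call failed, else a LEFT_* mask. */
int drop_to(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    struct ids now = { getuid(), geteuid(), getgid(), getegid() };
    return leftover_ids(&now, uid, gid);
}

int main(void)
{
    /* Constructed sample: UID=999 with real GID 0 as reported above; the
     * jail user's GID is assumed to be 999 as well. */
    struct ids reported = { 999, 999, 0, 999 };
    int left = leftover_ids(&reported, 999, 999);
    printf("leftover mask: %d%s\n", left,
           (left & LEFT_RGID) ? " (real GID still privileged)" : "");
    return 0;
}
```

`drop_to()` needs to start as root; the `main()` here only runs the check against the constructed state, so it works unprivileged.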