Date: Mon, 31 Jan 2000 08:36:32 +0100
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: Dmitry Valdov <dv@dv.ru>
Cc: security@FreeBSD.ORG
Subject: Re: jail..
Message-ID: <21077.949304192@critter.freebsd.dk>
In-Reply-To: Your message of "Mon, 31 Jan 2000 03:05:46 +0300." <Pine.BSF.3.95q.1000131025803.12484A-100000@xkis.kis.ru>

In message <Pine.BSF.3.95q.1000131025803.12484A-100000@xkis.kis.ru>, Dmitry Valdov writes:
>Hello!
>
>It is possible to take root on entire machine if someone has an account on
>it and root under jail.
>for example, we're running jail with chroot to /usr/jail. Someone has root
>in chroot'ed environment.
>So, he can create setuid shell in /usr/jail.
>But if he has normal account on machine, he can run it from /usr/jail and
>take root on entire machine.
>chmod /usr/jail doesn't help because chrooted / cannot be read by anyone :(
>
>I think that the right solution is to make directory for chroot under 700's
>directory. Should it be documented in jail man page?

The right solution is to not give any accounts outside the jails.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!
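
A host-side audit for the situation discussed in this exchange, as an added example that is not part of the original messages or of FreeBSD: it reports whether a jail root sits below a directory that unprivileged host users cannot traverse, and whether the jail tree holds setuid or setgid files. The function names are hypothetical, and "closed" is assumed to mean a directory with no group or other search bit; ownership and ACLs are not inspected.

```shell
#!/bin/sh
# Added example (not from the original thread). Usage: sh audit_jail.sh /usr/jail
# Assumption: a directory is "closed" when it has neither g+x nor o+x.

# Print the first directory from the jail root up to $2 (default /) that
# unprivileged host users cannot traverse. Return 1 if every one is open.
closed_ancestor() {
    dir=$(cd "$1" && pwd -P) || return 2
    top=$(cd "${2:-/}" && pwd -P) || return 2
    while :; do
        # -prune keeps find on $dir itself; match only if g+x and o+x are both clear.
        hit=$(find "$dir" -prune ! -perm -010 ! -perm -001 -print)
        if [ -n "$hit" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            return 1
        fi
        dir=$(dirname "$dir")
    done
}

# List setuid or setgid regular files in the jail tree, as seen from the host.
setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# closed    : a 0700-style ancestor keeps host users out of the jail tree
# exposed   : host users can reach the tree and it contains setid files
# reachable : host users can reach the tree; no setid files right now
audit_jail() {
    if closed_ancestor "$1" "${2:-/}" >/dev/null; then
        echo "closed"
    elif [ -n "$(setid_files "$1")" ]; then
        echo "exposed"
    else
        echo "reachable"
    fi
}

if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```

A result of "reachable" is not a clean bill of health when host accounts exist, since root inside the jail can create a setuid file at any time.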