Date: Fri, 19 Oct 2001 17:28:54 +0200 From: Hanno Liem <freebsd@dark4ce.com> To: Kris Kennaway <kris@obsecurity.org> Cc: Hanno Liem <freebsd@dark4ce.com>, freebsd-questions@FreeBSD.ORG Subject: Re: To jail or not to jail, that is the question Message-ID: <20011019172854.G85163@dark4ce.com> In-Reply-To: <20011018014751.A42500@xor.obsecurity.org>; from kris@obsecurity.org on Thu, Oct 18, 2001 at 01:47:51AM -0700 References: <20011018094726.E85163@dark4ce.com> <20011018014751.A42500@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 18, 2001 at 01:47:51AM -0700, Kris Kennaway wrote: > On Thu, Oct 18, 2001 at 09:47:26AM +0200, Hanno Liem wrote: > > > On the other hand I wonder if it complicates the system administration of > > the box... furthermore I just read an article on Daemonnews about security > > vulnerabilities in jail (albeit they do not seem that easy to exploit). > > What security vulnerabilities in jail? As far as I know there aren't > any. > > Kris Sorry, I may have misread the article. I only glanced at it, to read it in detail later. I was pointed in the direction by the following sentence: > 2.1 Understanding the Vulnerability > 4.4BSD procfs implementation has been broken since the beginning, but the > final blow came from jail(2). The buffer overflow happens when a jail has > been setup with a long hostname (up to 255 bytes) or huge gids are used, and > a program's status is read through procfs. I took a printout of the article with me on a trip to the UK, and had some time to read it in detail. I realise that it is quite old (>6 months) and could very well be outdated. Hope I didn't step on any toes :-} Han To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011019172854.G85163>