Re: Rooting FreeBSD , Privilege Escalation using J
Jamie,
On Mon, May 09, 2011 at 12:55:06PM +0100, Jamie Landeg Jones wrote:
> > > A jail won't work for not-root users if the jail root directory is chmod 700 - although
> > > there is obviously a 'chroot' running within the jail, the jailed user still needs
> > > to have read permission from the hosts / -- chmod 700 therefore locks all non-root
> > > users out.
> > >
> >
> > It's weird - I don't remember having such problem after setting jails'
> > root directory permission to 700. I don't have the system anymore so I
> > can't verify it just yet.
>
> I just tried it again (FreeBSD 8.2) and I am wrong.
>
> Setting 700 on the jail root does indeed mess things up. But setting it on
> the parent (e.g. /usr/jails), and things are fine.
>
> Stupid of me, that makes perfect sense. The non-privileged user needs
> read access to the jail's "/"
>
> Sorry for the spam
In no way is it spam. Consider it a 'test'imonial to others that may ask
that question in the future ;)
Tip: Quick way to lock your system down to only root: ( chmod g= / )
***Emergency Use Only**** "molly guard not present" "slippery when throbbed"
Side effect of that is it's not really nice for processes
that run with lower privileges and isn't always apparent why things are
not working correctly so it's best to just use nologin or drop to SU.
-- 
Regards, (jhell)
Jason Hellenthal
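
A check for the layout this thread settled on (mode 700 on the parent such as /usr/jails, not on the jail root itself), as an added example that is not part of the original message. The function names and the sample tree are assumptions made for illustration; the check reads mode bits only and ignores ACLs and group membership.

```python
import os
import stat


def check_jail_layout(jail_root):
    """Return a list of findings for one jail root directory (hypothetical helper)."""
    findings = []
    root_mode = stat.S_IMODE(os.stat(jail_root).st_mode)
    parent = os.path.dirname(os.path.abspath(jail_root))
    parent_mode = stat.S_IMODE(os.stat(parent).st_mode)

    # Inside the jail this directory is "/", so non-root jailed users
    # need read and search (r-x) permission on it.
    if root_mode & 0o005 != 0o005:
        findings.append(
            f"{jail_root}: mode {root_mode:o} locks non-root jailed users out"
        )
    # The parent is where the thread found mode 700 could be applied
    # without breaking the jail; report it when group/other bits are set.
    if parent_mode & 0o077:
        findings.append(
            f"{parent}: mode {parent_mode:o} is not restricted to its owner"
        )
    return findings


def make_sample_tree(base):
    """Build a constructed sample: parent at 700, one jail root at 755, one at 700."""
    parent = os.path.join(base, "jails")
    good = os.path.join(parent, "good")
    bad = os.path.join(parent, "bad")
    os.makedirs(good)
    os.makedirs(bad)
    os.chmod(parent, 0o700)
    os.chmod(good, 0o755)
    os.chmod(bad, 0o700)
    return good, bad


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as base:
        for jail in make_sample_tree(base):
            print(jail, check_jail_layout(jail) or "ok")
```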