Re: Rooting FreeBSD , Privilege Escalation using Jails (P??????t
--M9NhX3UHpAaciwkO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Jamie,
On Tue, May 10, 2011 at 01:18:44PM +0100, Jamie Landeg Jones wrote:
>=20
> > Do you know if there is a way that chmod on / from within the jail coul=
d=20
> > be prevented easily without breaking something ? Maybe not failing but=
=20
> > falling though and return 0 for any operation with the sole argument of=
/.
>=20
> Enforcing 700 on the jail root?
>=20
> Whilst I was wrong on chmod 700 on (say) /usr/jails it is still the case
> that the root directory of the jail itself (/usr/jail/jailname) has to
> be 755 for non-root processeses within the jail to access the filesystem!
>=20
Sorry for the late reply on this.
What I was thinking of is enforcing from within the jail that all system=20
calls to chmod(2), chflags(2), chown(2) and anything that can change the=20
directories access modes should be passed silently when the argument to=20
the command is operating on the root directory.
--=20
Regards, (jhell)
Jason Hellenthal
--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (FreeBSD)
Comment: http://bit.ly/0x89D8547E
iQEcBAEBAgAGBQJNycfTAAoJEJBXh4mJ2FR+0s4IAIXFxI7k819MBfSOAgvIxlgu
HVXGlwGjB+EVDuPKiVGExlN0ezje+RUZWAkFfM/BGoTxAptY5Icz5bG4INHddyP5
ikoiqMSe68vEUKklmHQXs8tYI3Poj4u5ZpcuUcc3H4wL+QB+FQPtIAXXp4oEKHY0
3+0bMpQbFQ3QdeNVeA1sKdPId8uJYI4dT/tBVsrC1xJKlm3/nGmWZ+SCT6q7SEYI
A+WImLiHa4l32E0mfEC7bbgmmg90Xg6Kg01stk3ZLBAHQzlcR8MMhnsGtQzJwztC
NouVclKqxLIcSFFWvyDcymcYeVIdXgrUspEwXzzTj3sOVdxDvEd+lkQ50dN3y64=
=upS1
-----END PGP SIGNATURE-----
--M9NhX3UHpAaciwkO--
討論串 (同標題文章)
完整討論串 (本文為第 22 之 29 篇):