Re: Rooting FreeBSD, Privilege Escalation using Jails (P??????t
On Wed, 11 May 2011 05:28:16 -0000 Janne Snabb <snabb@epipe.com> wrote:
> On Tue, 10 May 2011, Bakul Shah wrote:
>
> > Dumb question: the jail command can refuse to run unless the
> > parent of a jail root is 0700. Would that work? No kernel hack
> > required.
>
> I do not think that this should be enforced in kernel, in the jail(8)
> command nor anywhere else. UNIX rm(1) is not opening a pop-up window
> asking "are you sure?" if you do "rm -rf /". The OS should not
> impose arbitrary restrictions based on some random assumptions on
> how a particular OS facility is going to be used.
...
> This should go in to the documentation as a recommendation for some
> common jail use cases, but seriously, really not in the code, please.
>
> In UNIX we do not want to prevent people from shooting themselves
> in the foot. We should assume that the system administrator knows
> what they want and should not restrict their freedom to do so.
I agree that people should not be prevented from shooting
themselves in the foot but I do suggest that "accidental"
footshooting can be prevented by leaving the gun safety on.
Force them to take some explicit action for footshooting!
So let me modify my dumb suggestion: allow running a jail if
either the jail's parent dir has mode 0700 or the user
specified -f flag (analogous to rm -f). [You may still not
like it, but so it goes!]
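The check Bakul proposes above, written out as an added example (not code from this thread, and not FreeBSD's jail(8)): a POSIX sh preflight that refuses to start a jail unless the parent of the jail root is mode 0700, with a `force` argument standing in for the proposed -f. The names `mode_of` and `jail_parent_check` are my own, and it assumes either GNU or BSD stat(1) is available.

```shell
#!/bin/sh
# Added example: a "safety on" check for jail roots. Refuse unless the
# parent of the jail root is mode 0700, or the caller explicitly forces.
# mode_of and jail_parent_check are hypothetical names, not jail(8) API.

# Print the permission bits of a path in octal, e.g. "700".
# Tries GNU stat (Linux) first, then BSD stat (FreeBSD).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# jail_parent_check JAILROOT [force]
# Returns 0 when the jail may start, 1 when it should be refused.
jail_parent_check() {
    root=$1
    force=${2:-no}
    parent=$(dirname "$root")
    mode=$(mode_of "$parent") || return 1
    case $mode in
        700) return 0 ;;   # safety on: only the owner can traverse the parent
    esac
    if [ "$force" = force ]; then
        # The explicit action Bakul asks for: the -f analogue.
        echo "warning: $parent is mode $mode, starting anyway (forced)" >&2
        return 0
    fi
    echo "refusing: parent $parent of $root is mode $mode, not 0700; force to override" >&2
    return 1
}

# Constructed demo layout in a scratch directory (not a real jail tree).
demo() {
    top=$(mktemp -d) || return 1
    mkdir -m 700 "$top/safe" && mkdir "$top/safe/j1"   # parent is 0700
    mkdir -m 755 "$top/open" && mkdir "$top/open/j2"   # parent is world-searchable
    jail_parent_check "$top/safe/j1"       && echo "j1: ok"
    jail_parent_check "$top/open/j2"       || echo "j2: refused"
    jail_parent_check "$top/open/j2" force && echo "j2: forced"
    rm -rf "$top"
}
```

Run `demo` to see the three outcomes: the 0700 parent passes, the 0755 parent is refused, and the same path starts only when forced.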
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security