kern/96438: Executing a Linux binary within jail causes reboot.
Peter
pb at ludd.luth.se
Thu Apr 27 23:50:21 UTC 2006
>Number: 96438
>Category: kern
>Synopsis: Executing a Linux binary within jail causes reboot.
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 27 23:50:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Peter
>Release: 6.0-RELEASE #0
>Organization:
>Environment:
FreeBSD f6.my.domain 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root at x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Launching a Linux binary like tcsh as the initial command from jail(8) seems to
cause a system reboot.
The second occurrence is that in some circumstances, executing a Linux binary _within_ jail(8) causes the system to reboot in the same way.
Because the machine in question is remote, I have not watched the console while this happens.
I suspect this bug could be exploited to take over the system or DoS it.
Linux binary:
bin/tcsh: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.0, dynamically linked (uses shared libs), stripped
Dmesg excerpt:
FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005
root at x64.samsco.home:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium Pro (199.74-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x617 Stepping = 7
Features=0xf9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV>
real memory = 83881984 (79 MB)
avail memory = 72499200 (69 MB)
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
cpu0 on motherboard
Will add to the PR when I know more. Hopefully this issue will be remedied in 6.1.
>How-To-Repeat:
Set up jail(8), use a Linux binary as "init".
The second occurrence is probably when I put in Linux system files and then chroot to them within the jail.
>Fix:
Be careful about linux binaries within jail(8).
Don't trust jail(8) security too much.
>Release-Note:
>Audit-Trail:
>Unformatted: