Modified version of jexec allows non-root access into jails
cperciva at freebsd.org
Sat Dec 30 20:59:54 PST 2006
Bill Moran wrote:
> You also describe a scenerio where a user can create a jail of his own
> design and give himself root inside it, thus allowing him to use the
> setuid trick to get root on the host as well. The place this falls down
> is that the user would need to already have root to create the jail in the
> first place.
Not necessarily. An unprivileged user can create hard links to binaries
he doesn't own, including suid binaries.
More information about the freebsd-hackers