Thoughts on jail privilege (FAQ submission)

Giorgos Keramidas keramida at ceid.upatras.gr
Fri Jan 16 07:40:10 PST 2009


On Thu, 15 Jan 2009 17:09:05 +0000, "Chris Rees" <utisoft at googlemail.com> wrote:
> Hey all,
>
> I think that there should be a warning (on the jail man page or
> handbook page perhaps), on setuid in jails. Ex:
>
> John <-- user on the (host) server
>
> I give John root access to a jail (just for him to play with), and he
> then sets vi (for example) to setuid root. He then sshs into the host,
> and uses
>
> $ /usr/jail/johnsandbox/usr/bin/vi /usr/local/etc/sudoers
>
> He now has root!

If the host system and the jail share the `john' user *and* you are
sharing `/usr/local' as read-write between the host and the jail, then
``you are doing it wrong!''.

But that's a good warning to add somewhere in the jail documentation :)
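
A host-side check for the exposure discussed in this thread, added here as an example and not part of either poster's message: it lists setuid/setgid files under a jail root and reports whether unprivileged host users can traverse into that root. The function names are hypothetical; only the jail root directory's own mode is inspected, not its parent directories or `nosuid` mount options.

```shell
#!/bin/sh
# Added example: audit a jail tree from the host for setuid/setgid files
# that host users could execute by path. All function names are hypothetical.

# Print every setuid or setgid regular file under the jail root ($1).
jail_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Succeed if group or other has search (execute) permission on the jail
# root directory itself, i.e. non-owner host users can walk into it.
# Assumption: parent directories are not examined.
jail_root_reachable() {
    mode=$(ls -ld "$1" | cut -c5-10)    # group and other permission triplets
    case "$mode" in
        *x*|*s*|*t*) return 0 ;;        # lowercase s/t imply the x bit is set
        *) return 1 ;;
    esac
}

# Exit status: 0 = no setuid/setgid files, 1 = present but jail root is
# closed to non-owners, 2 = present and reachable from the host.
audit_jail() {
    root=$1
    count=$(jail_setid_files "$root" | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "OK: no setuid/setgid files under $root"
        return 0
    fi
    jail_setid_files "$root" | sed 's/^/  /'
    if jail_root_reachable "$root"; then
        echo "EXPOSED: $count setuid/setgid file(s) under $root, root dir is traversable by host users"
        return 2
    fi
    echo "CONTAINED: $count setuid/setgid file(s) under $root, root dir is closed to non-owners"
    return 1
}

# Run against a jail root given on the command line, e.g. the path
# used in the thread: /usr/jail/johnsandbox
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```
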


