[HACKERS] semaphore usage "port based"?
Kris Kennaway
kris at obsecurity.org
Mon Apr 3 22:57:22 UTC 2006
On Mon, Apr 03, 2006 at 06:51:45PM -0400, Stephen Frost wrote:
> * Robert Watson (rwatson at FreeBSD.org) wrote:
> > On Mon, 3 Apr 2006, Stephen Frost wrote:
> > >This is certainly a problem with FBSD jails... Not only the
> > >inconsistancy, but what happens if someone manages to get access to the
> > >appropriate uid under one jail and starts sniffing or messing with the
> > >semaphores or shared memory segments from other jails? If that's possible
> > >then that's a rather glaring security problem...
> >
> > This is why it's disabled by default, and the jail documentation
> > specifically advises of this possibility. Excerpt below.
>
> Ah, I see, glad to see it's accurately documented. Given the rather
> significant use of shared memory by Postgres it seems to me that
> jail'ing it under FBSD is unlikely to get you the kind of isolation
> between instances that you want (the assumption being that you want to
> avoid the possibility of a user under one jail impacting a user in
> another jail). As such, I'd suggest finding something else if you
> truely need that isolation for Postgres or dropping the jails entirely.
>
> Running the Postgres instances under different uids (as you'd probably
> expect to do anyway if not using the jails) is probably the right
> approach. Doing that and using jails would probably work, just don't
> delude yourself into thinking that you're safe from a malicious user in
> one jail.
Yes; however jails are still useful for administrative
compartmentalization even when you have to weaken their security
properties, such as here.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060403/e2b76af1/attachment.pgp
More information about the freebsd-stable
mailing list