I just broke out of a FreeBSD jail.. Known bug??
Dr. Aharon Friedman
a.friedman at trunutrition.com
Sat Dec 29 17:58:11 PST 2007
It does not look like you broke it. Moving directories between jails while
they are running is not part of the game as it breaks chroot. You could
manipulate files between jails with the jails up by using networking, such
as ftp.
Obviously, one could program chroot to be able to "eat" this stuff, but it
will make the system cumbersome. Remember, Jails are supposed to protect
against an outside attacker, not against the sys admin.
Aharon
-----Original Message-----
From: Johan Ström [mailto:johan at stromnet.se]
Sent: Friday, December 28, 2007 7:16 AM
To: freebsd-stable at freebsd.org
Subject: I just broke out of a FreeBSD jail.. Known bug??
Hello list!
I'm running a FreeBSD 6.2-p8 box with a few jails. The other day a
user of mine uploaded a number of files to one jail, then I (in the
actual system outside of all jails) moved that directory to another
jail.. When I later did some chdiring in the original jail, I found
my self standing in my other jails pwd and beeing able to read/
manipulate files!..
Example:
jb-1 (the base machine, jailbox-1)
shell (jail 1)
core (jail 2)
shell /home/johan# pwd
/home/johan
shell /home/johan# ls
.cshrc .irssi .login_conf .mailrc .profile
.shrc .zcompdump public_html
.histfile .login .mail_aliases .noident .rhosts
.ssh .zshrc
shell /home/johan# mkdir test
shell /home/johan# cd test
shell /home/johan/test# touch asd
shell /home/johan/test# ls -al
total 4
drwxr-xr-x 2 root root 512 Dec 28 13:09 .
drwxr-x--x 6 johan johan 512 Dec 28 13:09 ..
-rw-r--r-- 1 root root 0 Dec 28 13:09 asd
shell /home/johan/test#
Then moving it on the root box
jb-1 /usr/jails# mv shell/home/johan/test core/home/johan/
jb-1 /usr/jails#
And back on shell jail:
shell /home/johan/test# ls
asd
shell /home/johan/test# pwd
pwd: .: No such file or directory
shell /home/johan/test# cd ..
shell /home/johan# ls
.cshrc .lesshst .mailrc .shrc .vimrc
file.big roundcube.sql www.tar.gz
.histfile .login .mysql_history .ssh .zcompdu
mp pics stuff
.history .login_conf .profile .vim .zshrc
postfix-2.4.5 test
.irssi .mail_aliases .rhosts .viminfo
cacert.pem public_html vmail.tar.gz
shell /home/johan#
Thats my home dir on core!.. That should very much not be visible
there! I have full access now (from the wrong jail!)
Known bug or did I just stumble upon something pretty bad??
--
Johan Ström
Stromnet
johan at stromnet.se
http://www.stromnet.se/
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.17.11/1201 - Release Date: 12/28/2007
11:51 AM
More information about the freebsd-stable
mailing list