svn commit: r221655 - head/usr.sbin/jail
Benedict Reuschling
bcr at FreeBSD.org
Sun May 8 12:16:39 UTC 2011
Author: bcr (doc committer)
Date: Sun May 8 12:16:39 2011
New Revision: 221655
URL: http://svn.freebsd.org/changeset/base/221655
Log:
Jails have a problem in that if the jail directory is world-readable,
an attacker with root access to the jail can create a setuid binary for
their own use in the host environment (if they also have this access),
thus breaking root in the host.
This exploit is impossible if the jail's files are not world-readable.
Add instructions to the man page on how to create a jail with the
correct permissions set.
PR: docs/156853
Submitted by: Chris Rees (utisoft at gmail dot com)
Reviewed by: cperciva (security parts)
MFC after: 9 days
Modified:
head/usr.sbin/jail/jail.8
Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8 Sun May 8 12:16:39 2011 (r221654)
+++ head/usr.sbin/jail/jail.8 Sun May 8 12:16:39 2011 (r221655)
@@ -34,7 +34,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd January 17, 2010
+.Dd May 8, 2011
.Dt JAIL 8
.Os
.Sh NAME
@@ -431,7 +431,7 @@ command script can be used:
.Bd -literal
D=/here/is/the/jail
cd /usr/src
-mkdir -p $D
+mkdir -p -m 0700 $D
make world DESTDIR=$D
make distribution DESTDIR=$D
mount -t devfs devfs $D/dev
@@ -448,6 +448,10 @@ in the per-jail devfs.
A simple devfs ruleset for jails is available as ruleset #4 in
.Pa /etc/defaults/devfs.rules .
.Pp
+Non-superusers in the host system should not be able to access the
+jail's files; otherwise an attacker with root access to the jail
+could obtain elevated privileges on the host.
+.Pp
In many cases this example would put far more in the jail than needed.
In the other extreme case a jail might contain only one file:
the executable to be run in the jail.
More information about the svn-src-head
mailing list