misc/139422: make the jail safe for the parent system
Andrey Groshev
greenx at yartv.ru
Thu Oct 8 12:11:45 UTC 2009
Even if it not the colleague, and I.
I too can make an error, despite the fact that what I trust myself on
hundred percent.
Also it turns out that at a successful crack and reception root
privileges in jail, it is possible to put out of action parent system at
the following reboot.
Since by default in jail it is started /etc/rc.
remko at FreeBSD.org пишет:
> Synopsis: make the jail safe for the parent system
>
> State-Changed-From-To: open->closed
> State-Changed-By: remko
> State-Changed-When: Thu Oct 8 10:32:10 UTC 2009
> State-Changed-Why:
> Hello, I think I understand what you ar etrying to say here. But I think
> that only trusted people should be allowed into a jail, as well as with
> a regular server. You could give the user sudo access for specific tasks
> so tht he cannot do everything as highly privileged user. Yes ofcourse
> you might be able to get out of those things if you are creative. The
> question is, where do we put the line. I think that in this case one
> should know what he puts in rc.local, if this is a jail, and you use the
> regular scripts, the 'jail' rc.d will not be used at all. Please discuss
> this further on the questions list, and report to me in case this is
> really a problem. Anyway; thanks for using FreeBSD! It's greatly
> appreciated...
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=139422
>
More information about the freebsd-bugs
mailing list