Idea about 'skeleton jail

Frank Knobbe frank at knobbe.us
Sat Mar 12 20:52:45 PST 2005


On Mon, 2005-01-31 at 13:29 -0600, security at revolutionsp.com wrote:
> Very nice idea!! This greatly improves jail management on FreeBSD. There
> is a possibility for a minor drawback -- if one can change a system binary
> in the host system, them all jails are compromised -- but assuming one
> would need root access on the host to change the binary, he would have
> power to change any jail anyway, so this is rather redundant.

Another important drawback is that you can not prune the jail. For
example, I prefer to remove "sharp objects" from certain jails for
security reasons. There is no need for gcc, ftp and other binaries to
reside in a jail when these are not used. These only give an intruder
into the jail the tools he needs to bring his scripts in to further hack
on the system.

If you nullfs these directories, you loose the ability to prune the
jail. Pruning is part of system hardening. I'd rather improve the
security of a jail than to sacrifice it. Your objectives may differ of
course.

Cheers,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20050312/43c94fe6/attachment.bin


More information about the freebsd-hackers mailing list