Jail security
Chad Leigh -- Shire.Net LLC
chad at shire.net
Mon Mar 7 12:48:31 PST 2005
On Mar 7, 2005, at 9:35 AM, Frank de Bot wrote:
> Jorn Argelo wrote:
>> On Mon, 07 Mar 2005 17:04:41 +0100, Frank de Bot wrote
>>> Hi,
>>>
>>> I've set up a jail, but I don't have any idea how safe a jail is.
>>> It is often said that chroot and jails can be escaped. How safe is it to
>>> give other people user access to a jailed environment? Or maybe even
>>> root...
>> A jailed process cannot leave its jail, unless some exploit is found in
>> jail itself, but that's rather unlikely. A cracker can only mess up
>> your jail and not your entire host. So if you build 4 jails for Apache,
>> MySQL, Squid and Postfix for instance, each of those processes will only
>> run in its jail and cannot interact with another jail or the host, which
>> is more secure than just putting everything on your host.
>> Another major advantage of jails is that you can experiment at will
>> without touching your production environment. Just create a jail and
>> install Apache in the other jail. Once you are finished and it works,
>> just amend your firewall settings and you're ready to go.
>> If you're experienced enough I'd encourage you to use them. It can be
>> complicated for a newbie, but if you know your way around FreeBSD and
>> the command line, you should really use jails.
>> Jorn.
>
> What if an exploit is found? Then root should have the greatest chance
> to break out of the jail, or not?
> Should it be possible to assign root another UID in a jail (this is
> pretty unlikely I think), so IF it breaks out, it will find itself
> working as a user at the host system :-P
I know it is not exhaustive, and other exploits for escaping
chroot/jail may come up, but I have tried many of the common chroot
ones and never had any luck escaping from a jail...
Look at it this way -- if you don't use them for protection, they are
already on your machine :-) This is an insulating layer.
Chad
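Added example, not from this thread or any of its posters: Frank's worry is about root inside a jail, and on the host side what jailed root may do is bounded by the security.jail.* sysctls (the FreeBSD 5.x/6.x knobs are assumed here). This POSIX shell audit compares `sysctl security.jail` output against a hardened baseline; the baseline values and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Audit the host-side knobs that bound what root inside a jail may do.
# Knob names are the security.jail.* sysctls of FreeBSD 5.x/6.x (assumed);
# the hardened values below are an illustrative baseline, not a standard.
HARDENED='security.jail.set_hostname_allowed=0
security.jail.socket_unixiproute_only=1
security.jail.sysvipc_allowed=0
security.jail.allow_raw_sockets=0
security.jail.chflags_allowed=0'

# audit_jail_sysctls: read "name: value" lines (the format printed by
# `sysctl security.jail`) on stdin, print every audited knob whose value
# differs from the baseline, and return 1 if any differ, 0 otherwise.
audit_jail_sysctls() {
    bad=0
    while IFS= read -r line; do
        name=${line%%:*}
        value=$(printf '%s' "${line#*:}" | tr -d ' ')
        want=$(printf '%s\n' "$HARDENED" | grep "^$name=" | cut -d= -f2)
        [ -z "$want" ] && continue   # not an audited knob (e.g. security.jail.jailed)
        if [ "$value" != "$want" ]; then
            printf 'WEAK %s=%s (want %s)\n' "$name" "$value" "$want"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample of `sysctl security.jail` output on an unhardened host:
# jails may change their hostname and share SysV IPC with the host.
SAMPLE='security.jail.jailed: 0
security.jail.set_hostname_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 1
security.jail.allow_raw_sockets: 0
security.jail.chflags_allowed: 0'

# On a real host use: sysctl security.jail | audit_jail_sysctls
printf '%s\n' "$SAMPLE" | audit_jail_sysctls \
    || echo "host does not match the jail hardening baseline"
```

Knobs the baseline does not list (such as security.jail.jailed, which only reports whether the caller is jailed) are skipped rather than flagged.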