Escaping from a jail with root privileges on the host

Benjamin Kaduk kaduk at MIT.EDU
Wed Dec 28 20:54:49 UTC 2011

[minus -stable]

On Wed, 28 Dec 2011, Marin Atanasov Nikolov wrote:

> Hello,
> Today I've managed to escape from a jail by accident and ended up with
> root access to the host's filesystem.
> Here's what I did:
> * Using ezjail for managing my jails
> * Verified in FreeBSD 9.0-BETA3 and 9.0-RC3
> * This works only when I use sudo, and cannot reproduce if I execute
> everything as root

I cannot see how the use of sudo would be relevant -- the fundametal issue 
merely requires the vnode of the directory in question to be moved (not 
copied) past the jail's root vnode.  Could you give a bit more detail 
about how you came to believe that sudo is necessary?

-Ben Kaduk

More information about the freebsd-security mailing list