Escaping from a jail with root privileges on the host
Benjamin Kaduk
kaduk at MIT.EDU
Wed Dec 28 20:54:49 UTC 2011
[minus -stable]
On Wed, 28 Dec 2011, Marin Atanasov Nikolov wrote:
> Hello,
>
> Today I've managed to escape from a jail by accident and ended up with
> root access to the host's filesystem.
>
> Here's what I did:
>
> * Using ezjail for managing my jails
> * Verified in FreeBSD 9.0-BETA3 and 9.0-RC3
> * This works only when I use sudo, and cannot reproduce if I execute
> everything as root
I cannot see how the use of sudo would be relevant -- the fundametal issue
merely requires the vnode of the directory in question to be moved (not
copied) past the jail's root vnode. Could you give a bit more detail
about how you came to believe that sudo is necessary?
-Ben Kaduk
More information about the freebsd-security
mailing list