Re: Rooting FreeBSD , Privilege Escalation using Jails (Pétur)

Chris Rees utisoft at gmail.com
Fri May 6 20:56:06 UTC 2011


On 6 May 2011 16:54, Mark Felder <feld at feld.me> wrote:
> On Fri, 06 May 2011 10:13:50 -0500, Daniel Jacobsson
> <daniel.jacobsson.90 at gmail.com> wrote:
>
>> Can someone confirm if this bug/exploit works?
>
> It's really not a bug or exploit... it's just the guy being crafty. It only
> makes sense: the jails access the same filesystem as the host. Put a file
> setuid in the jail and use your user on the host to execute that file and
> voila, you're now running that executable as root.
>
> Your users should NEVER have access to the host of the jail.


All the same, I've sent a PR [1] with some doc patches to make people
more aware of this -- fulfilling my promise of 2+ years ago :S

Thanks!

Chris

[1] http://www.freebsd.org/cgi/query-pr.cgi?pr=156853
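
A host-side check for the exposure discussed in this thread, as an added example that is not part of the original messages or of the FreeBSD documentation: it reports whether unprivileged host users can traverse into a jail's directory tree and lists the setuid/setgid files they could then execute. It assumes jail root paths are passed as arguments and looks only at the "other" permission bits (group access and ACLs are ignored); `AUDIT_TOP` is a hypothetical variable used to limit the upward walk.

```shell
#!/bin/sh
# Added example (not from the thread): host-side audit of a jail root.
# Assumptions: only the "other" permission bits are checked (group access
# and ACLs are ignored); AUDIT_TOP is a hypothetical knob for testing.
AUDIT_TOP=${AUDIT_TOP:-/}

# Succeeds if every directory from $1 up to AUDIT_TOP has o+x, i.e. any
# unprivileged host user can traverse into the jail's file tree.
reachable_by_others() {
    dir=$(cd "$1" && pwd -P) || return 2
    while :; do
        # -prune keeps find on $dir itself; -perm -0001 tests o+x
        [ -n "$(find "$dir" -prune -perm -0001)" ] || return 1
        if [ "$dir" = "$AUDIT_TOP" ] || [ "$dir" = "/" ]; then
            return 0
        fi
        dir=$(dirname "$dir")
    done
}

# Lists setuid/setgid regular files under $1, staying on one filesystem.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Returns 0 if host users cannot reach the jail tree, 1 if they can
# (printing the setuid/setgid files they could execute), 2 on error.
audit_jail() {
    _rc=0
    reachable_by_others "$1" || _rc=$?
    case $_rc in
        1) echo "OK: $1 is not traversable by unprivileged host users"
           return 0 ;;
        2) echo "ERROR: cannot enter $1" >&2
           return 2 ;;
    esac
    echo "EXPOSED: host users can reach $1; setuid/setgid files inside:"
    list_setid_files "$1"
    return 1
}

# Audit each jail root given on the command line (run as root on the host).
for jail_root in "$@"; do
    audit_jail "$jail_root" || true
done
```

Because root inside a jail can create new setuid files at any time, the reachability result is the finding that matters; the file list only shows what is exposed right now.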

