Rooting FreeBSD, Privilege Escalation using Jails (P??????tur)
Jamie Landeg Jones
jamie at bishopston.net
Tue May 10 19:23:22 UTC 2011
> Dumb question: the jail command can refuse to run unless the
> parent of a jail root is 0700. Would that work? No kernel hack
> required.
Haha, all talking about kernel hacks and so on, and yet, to me,
that seems the simplest, but ALSO, the most elegant solution.

I'd have some override flag that could be set for those whose jails
are directly under an important folder, e.g. /usr/my-jail-name/
so that those unable to change straight away can set an rc/sysctl
flag rather than have to hack the code..

Is this turning into a bikeshed discussion?
More information about the freebsd-security
mailing list