POSIX mqueuefs not jail aware
Thomas Sparrevohn
Thomas.Sparrevohn at btinternet.com
Sun Jun 23 14:58:03 UTC 2013
Hi
I have been working on some different projects that eventually will need a
shared queue structure and have been playing with mq_open et al.
For various reasons I was looking into being able to communicate between
the host and a jail using a global queue. Not that works fine using mqueuefs -
the down side is that any root or matching uid can delete the queue on the
host system.
Transcript - First the host
root at Thomas-FreeBSD:/home/sparrevo # ~sparrevo/mqueue
Testing creation of Queue /Talk
Making sure it does not exist deleted
/Talk Created
message posted
Now the jail - please note this jail runs securelevel 2 - not that I would
think it would matter here
root at Thomas-FreeBSD:/home/sparrevo # jail -c amd64-schg
amd64-schg: created
root at Thomas-FreeBSD:/home/sparrevo # ssh sparrevo at 192.168.0.203
Password for sparrevo at amd64-schg.aah-go-on.com:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.
X11 forwarding request failed on channel 0
Last login: Sat Jun 15 16:48:07 2013 from 192.168.0.203
FreeBSD 10.0-CURRENT (PRODUCTION) #1 r252040: Sat Jun 22 01:20:14 BST 2013
Welcome to FreeBSD!
sparrevo at amd64-schg:~ % ./mqueue
Testing creation of Queue /Talk
Making sure it does not exist - it exist and we cannot delete it due permissions
Queue /Talk cannot be created
hu:: File exists
sparrevo at amd64-schg:~ % su
Password:
root at amd64-schg:/home/sparrevo # ./mqueue
Testing creation of Queue /Talk
Making sure it does not exist deleted
/Talk Created
message posted
root at amd64-schg:/home/sparrevo #
Looking at the code it seems like we are missing a couple of allow.xxx
features. I have not yet had time to check the shm code to see how it prevents
it.
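A host-side reproducer in the spirit of the transcript above, added here as an example; it is not the poster's mqueue program, which is not on the page. Because mqueuefs names are shared with jails, it creates the queue with O_CREAT|O_EXCL and reports EEXIST as "name already taken" instead of unlinking first; the queue name /gr_example_talk and the message text are constructed placeholders, and it assumes a POSIX mqueue implementation (older glibc needs -lrt).

```c
#include <errno.h>
#include <fcntl.h>
#include <mqueue.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Outcome of an exclusive create attempt on a named queue. */
enum mq_result { MQ_CREATED = 0, MQ_EXISTS = 1, MQ_DENIED = 2, MQ_FAILED = 3 };

/* Create `name` exclusively with mode 0600, post one message, close it.
 * Unlike the transcript's test program the queue is never unlinked first:
 * EEXIST means someone (possibly in another jail, since the name space is
 * global) already holds that name, and the caller must decide what to do. */
static enum mq_result create_and_post(const char *name, const char *msg)
{
    struct mq_attr attr;
    memset(&attr, 0, sizeof attr);
    attr.mq_maxmsg = 8;       /* small limits stay under default rlimits */
    attr.mq_msgsize = 128;

    mqd_t q = mq_open(name, O_CREAT | O_EXCL | O_WRONLY,
                      S_IRUSR | S_IWUSR, &attr);
    if (q == (mqd_t)-1) {
        if (errno == EEXIST) return MQ_EXISTS;
        if (errno == EACCES) return MQ_DENIED;
        return MQ_FAILED;
    }
    if (mq_send(q, msg, strlen(msg), 0) == -1) {
        mq_close(q);
        return MQ_FAILED;
    }
    mq_close(q);
    return MQ_CREATED;
}

/* Remove the queue; returns 0 when it is gone afterwards (ENOENT counts). */
static int remove_queue(const char *name)
{
    if (mq_unlink(name) == 0 || errno == ENOENT) return 0;
    return -1;
}

int main(void)
{
    const char *name = "/gr_example_talk";   /* constructed placeholder name */
    static const char *label[] = { "Created", "cannot be created: File exists",
                                   "cannot be created: permission denied",
                                   "cannot be created" };
    enum mq_result r = create_and_post(name, "message posted");
    printf("Queue %s %s\n", name, label[r]);
    return r == MQ_CREATED ? 0 : 1;
}
```

Run it once on the host and once inside the jail: the second run reports "File exists" rather than silently replacing the host's queue.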