Re: FreeBSD Jail

From: Steve Shorter (steve@nomad.lets.net)
Date: 12/30/02


Date: Mon, 30 Dec 2002 10:01:41 -0500
From: Steve Shorter <steve@nomad.lets.net>
To: Elite Bizkit <elite_bizkit@hotmail.com>

On Mon, Dec 30, 2002 at 01:23:03PM +0000, Elite Bizkit wrote:
> First of all, how do you log in to the jail (and log out)? Another question is

        The same way that you log in to any system. Well, there
are restrictions in the jail of course. A common way is to run
sshd in a jail and then ssh in. I usually run sshd and syslogd
in the jailed environment, this depends on what you need of course.

> if someone manages to get root in the jail what happens if they run "exit",
> will they get to the host system or will it just close the jail and their
> connection? And finally in the BSDpro article the ports system was mounted

        "exit". You mean exit a shell? Well, then the shell will
exit and the connection may close and then you will still have sshd
running in the jail or whatever...

> using mount_nfs, surely if you can run this in the jail then you could mount
> other directories such as "/etc" and screw around with files on the host
> system?

        You can't run mount in a jail. That doesn't mean that the mounts
outside of the jail are all invisible inside. It depends how you
set up your chroot environment. One interesting "feature" of NFS mounts
is that they can be read/write in the jail but the network they are
mounted on can be otherwise inaccessible to the jail.

>
> I'm probably missing something simple here but if anyone could answer any of
> the above I would be very grateful :)
>

        Experimenting with jail is fun and probably the best way to
learn this stuff.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
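
The point in the reply above about host mounts being visible inside a jail, as an added example that is not part of the original message: a small sh/awk check that lists which host mounts fall under a jail's root directory and flags read-write NFS mounts. The jail path /jails/www, the function names and the sample mount table are constructed for illustration; on a FreeBSD host the input would come from `mount -p`.

```shell
#!/bin/sh
# Added example: list host mounts that sit under a jail's root directory
# (and are therefore visible inside the jail), flagging read-write NFS.
# Input on stdin: fstab(5)-format lines, as printed by `mount -p` on FreeBSD.

jail_visible_mounts() {
    # $1 = jail root directory on the host (hypothetical path in this example)
    awk -v root="$1" '
        BEGIN { sub(/\/+$/, "", root) }        # "/jails/www/" -> "/jails/www"
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        {
            mp = $2
            # keep only the jail root itself and mount points below it;
            # "/jails/www2" must not match "/jails/www"
            if (mp != root && index(mp, root "/") != 1) next
            ro = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            flag = ($3 == "nfs" && !ro) ? "RW-NFS" : "OK"
            print flag, $3, mp
        }
    '
}

# Constructed sample mount table (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/ad0s1a          /                     ufs     rw  1 1
/dev/ad0s1e          /usr                  ufs     rw  2 2
/dev/ad0s1f          /jails/www            ufs     rw  2 2
procfs               /jails/www/proc       procfs  rw  0 0
10.0.0.5:/usr/ports  /jails/www/usr/ports  nfs     rw  0 0
10.0.0.5:/dist       /jails/www/dist       nfs     ro  0 0
10.0.0.5:/home       /jails/www2/home      nfs     rw  0 0
EOF
}

# Prints one "<flag> <fstype> <mountpoint>" line per mount under the jail root.
sample_mounts | jail_visible_mounts /jails/www
```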


