Re: Possible security issue with jails

From: Poul-Henning Kamp (phk_at_phk.freebsd.dk)
Date: 01/11/05

    To: Micah <micah@micah.ws>
    Date: Tue, 11 Jan 2005 23:05:43 +0100
    
    

    In message <20050111221055.GD68350@micah.tamu.edu>, Micah writes:
    >Howdy!
    >
    >I'm not sure if this is actually an issue, feature or a bug, but I have found
    >that inside a jail, the jailed root user is able to sniff traffic (and enable
    >promiscuous mode) on at least the interface of the IP address the jail is attached
    >to.

    Only if you leave bpf devices in the devfs mounted on the jail.

    -- 
    Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
    phk@FreeBSD.ORG         | TCP/IP since RFC 956
    FreeBSD committer       | BSD since 4.3-tahoe    
    Never attribute to malice what can adequately be explained by incompetence.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
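
Added example, not part of the original message or of FreeBSD itself: a host-side check for the condition named in the reply, listing any bpf nodes visible under each jail's devfs mount. The jail root paths passed as arguments and the function names are assumptions.

```shell
#!/bin/sh
# Audit jail roots for BPF device nodes exposed through the jail's devfs.
# Usage (hypothetical paths): sh audit_bpf.sh /jails/www /jails/db

# Print every bpf* node visible under <root>/dev, one per line.
jail_bpf_nodes() {
    root=$1
    [ -d "$root/dev" ] || return 0      # no devfs mounted: nothing exposed
    for node in "$root"/dev/bpf*; do
        # An unmatched glob stays literal, so test that the node exists;
        # -L also catches a bpf symlink whose target is hidden.
        if [ -e "$node" ] || [ -L "$node" ]; then
            printf '%s\n' "$node"
        fi
    done
}

# Check each jail root, report it, and return non-zero if any exposes bpf.
audit_jails() {
    exposed=0
    for root in "$@"; do
        nodes=$(jail_bpf_nodes "$root")
        if [ -n "$nodes" ]; then
            exposed=$((exposed + 1))
            printf 'EXPOSED %s\n%s\n' "$root" "$nodes"
        else
            printf 'ok      %s\n' "$root"
        fi
    done
    [ "$exposed" -eq 0 ]
}

# Remediation on the host: hide the nodes in the devfs ruleset applied to
# the jail's devfs mount, for example with the devfs.rules line
#   add path 'bpf*' hide

if [ "$#" -gt 0 ]; then
    audit_jails "$@"
fi
```

The check matches by name only, so it also flags a stray regular file called `bpf0`; on a real devfs mount every match is a device node or a symlink to one.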
    
