Re: Rooting FreeBSD, Privilege Escalation using Jails (Pétur)




Jamie,

On Mon, May 09, 2011 at 12:55:06PM +0100, Jamie Landeg Jones wrote:
A jail won't work for non-root users if the jail root directory is chmod 700 - although
there is obviously a 'chroot' running within the jail, the jailed user still needs
to have read permission from the host's / -- chmod 700 therefore locks all non-root
users out.


It's weird - I don't remember having such a problem after setting jails'
root directory permission to 700. I don't have the system anymore so I
can't verify it just yet.

I just tried it again (FreeBSD 8.2) and I am wrong.

Setting 700 on the jail root does indeed mess things up. But set it on
the parent (e.g. /usr/jails), and things are fine.

Stupid of me, that makes perfect sense. The non-privileged user needs
read access to the jail's "/".

Sorry for the spam

In no way is it spam. Consider it a 'test'imonial to others that may ask
that question in the future ;)

Tip: Quick way to lock your system down to only root: ( chmod g= / )
***Emergency Use Only**** "molly guard not present" "slippery when throbbed"

Side effect of that is it's not really nice for processes
that run with lower privileges, and it isn't always apparent why things are
not working correctly, so it's best to just use nologin or drop to SU.

--

Regards, (jhell)
Jason Hellenthal
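
The permission layout this thread settles on (700 on the jails' parent is fine, 700 on a jail's own root locks out non-root users inside it), as an added example that is not part of the original messages. The function names are hypothetical, and it assumes every jail root is a direct subdirectory of one parent such as /usr/jails.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root so a 700 parent can be listed.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Jail root: non-root users in the jail need read and search on its "/",
# so the "other" digit must be 5 or 7. Mode 700 here is the broken case.
check_jail_root() {
    m=$(mode_of "$1") || { echo "error"; return 2; }
    other=${m#"${m%?}"}            # last octal digit = "other" bits
    case "$other" in
        5|7) echo "ok" ;;
        *)   echo "locked" ;;
    esac
}

# Parent directory (e.g. /usr/jails): 700 here does not affect jailed users.
check_parent() {
    m=$(mode_of "$1") || { echo "error"; return 2; }
    case "$m" in
        700) echo "restricted" ;;
        *)   echo "open($m)" ;;
    esac
}

# Report the parent and every jail root directly beneath it.
audit_jails() {
    parent=$1
    echo "parent $parent: $(check_parent "$parent")"
    for j in "$parent"/*/; do
        [ -d "$j" ] || continue
        echo "jail ${j%/}: $(check_jail_root "$j")"
    done
}

# Usage: sh audit.sh /usr/jails   (script file name is illustrative)
if [ -n "${1:-}" ]; then
    audit_jails "$1"
fi
```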
