Re: Escaping from a jail with root privileges on the host



[minus -stable]

On Wed, 28 Dec 2011, Marin Atanasov Nikolov wrote:

Hello,

Today I've managed to escape from a jail by accident and ended up with
root access to the host's filesystem.

Here's what I did:

* Using ezjail for managing my jails
* Verified in FreeBSD 9.0-BETA3 and 9.0-RC3
* This works only when I use sudo, and cannot reproduce if I execute
everything as root

I cannot see how the use of sudo would be relevant -- the fundametal issue merely requires the vnode of the directory in question to be moved (not copied) past the jail's root vnode. Could you give a bit more detail about how you came to believe that sudo is necessary?

-Ben Kaduk
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"