 
From: Adrian Filipi-Martin (adrian+freebsd-security_at_ubergeeks.com)
Date: Mon Sep 09 2002 - 09:27:19 CDT


    On Sun, 8 Sep 2002, Benjamin Krueger wrote:

    > Think carefully about exactly what kind of privileges your clients get. A
    > friend asked me recently if his users could escalate privileges if they have a
    > normal user account on the main server, and root inside the jail. After some
    > thinking we outlined a situation in which the user creates a suid binary to
    > escalate any user to root inside the jail, and then runs it as a normal user
    > outside the jail. Instant root.

            We stumbled across this situation a year or so ago as we converted
    our development environments to be jails on the developer workstations.

            A reasonable solution is to block access to the jailed filesystems
    from non-jailed accounts. Just do the following:

            install -m u=rwx,go= -d /usr/fence
            install -d /usr/fence/jail

            Then use the fenced off directory as your jail root. We are
    successfully running desktops with multiple developer jails in this sort of
    configuration and things work great. This excludes anyone but root from
    using suid binaries from a jail, and well, root's already root.

            Adrian

    --
    [ adrianubergeeks.com ]
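
Added example, not part of the original message: a host-side check, run as root, that a jail root sits behind a fence directory like the /usr/fence described above, listing the jail's setuid/setgid files when it does not. The function names are made up for this example, and only mode bits are examined (ACLs are not considered).

```shell
#!/bin/sh
# Added example: check that a jail root sits behind a "fence" directory.
# Function names are hypothetical; mode bits only, ACLs are not considered.

# is_fence DIR: 0 if DIR gives no search (x) bit to group or other,
# 1 if it does, 2 if DIR cannot be inspected.
is_fence() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 2
    # Character 7 is group x and character 10 is other x. Lowercase s/t mean
    # "x plus setgid/sticky"; uppercase S/T mean the special bit without x.
    case "$(printf '%s' "$perms" | cut -c7,10)" in
        *[xst]*) return 1 ;;
        *) return 0 ;;
    esac
}

# find_fence JAIL_ROOT: print the nearest ancestor of JAIL_ROOT that acts as
# a fence and return 0; return 1 if none does, 2 if JAIL_ROOT is unusable.
find_fence() {
    dir=$(cd -- "$1" 2>/dev/null && pwd -P) || return 2
    dir=$(dirname "$dir")   # start at the parent; the jail root itself stays open
    while :; do
        if is_fence "$dir"; then
            printf '%s\n' "$dir"
            return 0
        fi
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# audit_jail JAIL_ROOT: report the fence and its owner, or list the
# setuid/setgid files that unjailed accounts could reach when there is none.
audit_jail() {
    if fence=$(find_fence "$1"); then
        owner=$(ls -ld -- "$fence" | awk '{print $3}')
        echo "fenced by $fence (owner $owner)"
    else
        echo "NOT fenced: $1"
        find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
        return 1
    fi
}

if [ $# -gt 0 ]; then audit_jail "$1"; fi
```

The owner is printed because a mode-0700 fence only keeps out accounts other than its owner, so it should read root.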
    
