Re: Modified version of jexec allows non-root access into jails



Bill Moran wrote:
> You also describe a scenario where a user can create a jail of his own
> design and give himself root inside it, thus allowing him to use the
> setuid trick to get root on the host as well. The place this falls down
> is that the user would need to already have root to create the jail in the
> first place.

Not necessarily. An unprivileged user can create hard links to binaries
he doesn't own, including suid binaries.

Colin Percival
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
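
A host-side audit for the condition the reply describes: set-id files that carry more than one name, or that sit in a directory owned by a different user. This is an added example, not code from the thread; the function names and the sample tree (placeholder files owned by the caller) are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_setid_links(root):
    """Report set-id regular files under root that have extra hard links
    or an owner different from the directory that holds them."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_uid = os.lstat(dirpath).st_uid
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks
            except OSError:
                continue                     # vanished or unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            foreign = st.st_uid != dir_uid
            if st.st_nlink > 1 or foreign:
                findings.append({
                    "path": path, "inode": st.st_ino, "nlink": st.st_nlink,
                    "mode": stat.filemode(st.st_mode), "foreign_owner": foreign,
                })
    return sorted(findings, key=lambda f: f["path"])


def make_sample_tree():
    """Constructed sample: files owned by the caller, no real binaries."""
    root = tempfile.mkdtemp(prefix="setid-audit-")
    for name in ("tool", "single", "plain"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("placeholder\n")
    os.chmod(os.path.join(root, "tool"), 0o4755)     # setuid, gets a 2nd name
    os.chmod(os.path.join(root, "single"), 0o4755)   # setuid, one name only
    os.link(os.path.join(root, "tool"), os.path.join(root, "alias"))
    os.link(os.path.join(root, "plain"), os.path.join(root, "plain2"))
    return root


if __name__ == "__main__":
    for f in audit_setid_links(make_sample_tree()):
        print(f)
```

Both names of a linked file are reported with the same inode number, so the original and the extra link can be matched up; pointing the function at a jail root or a user-writable tree is the intended use.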