Re: Modified version of jexec allows non-root access into jails
- From: Robert Watson <rwatson@xxxxxxxxxxx>
- Date: Sun, 31 Dec 2006 15:07:05 +0000 (GMT)
On Sat, 30 Dec 2006, Colin Percival wrote:
> Bill Moran wrote:
>> You also describe a scenario where a user can create a jail of his own design and give himself root inside it, thus allowing him to use the setuid trick to get root on the host as well. The place this falls down is that the user would need to already have root to create the jail in the first place.
>
> Not necessarily. An unprivileged user can create hard links to binaries he doesn't own, including suid binaries.

BTW, I understand that Solaris has now changed the default to be that users cannot hard link files they don't own. We have a sysctl option for that -- if this is now a widespread default, I wonder if we should be considering switching the default?
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
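
An audit for the hard-link issue discussed in this thread, as an added example that is not part of the original messages: it reports the hard-link ownership policy and lists every setuid/setgid file that has more than one name on a filesystem. The function names are hypothetical, and the sysctl names `security.bsd.hardlink_check_uid` and `security.bsd.hardlink_check_gid` are FreeBSD's; the message itself does not name them.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Report the FreeBSD hard-link ownership checks. A value of 1 means an
# unprivileged user may not link to files they do not own (uid check) or
# whose group they are not a member of (gid check). On systems without
# these OIDs the value is shown as "unavailable".
hardlink_policy() {
    for oid in security.bsd.hardlink_check_uid security.bsd.hardlink_check_gid; do
        val=$(sysctl -n "$oid" 2>/dev/null) || val="unavailable"
        echo "$oid=$val"
    done
}

# Print "inode path" for every setuid/setgid regular file under $1 that has
# more than one hard link, sorted so names sharing an inode are adjacent.
# -xdev keeps the walk on one filesystem: hard links cannot cross filesystems,
# so each filesystem is audited separately.
suid_multilink() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -links +1 \
        -exec ls -di {} + 2>/dev/null | sort -n
}

# List every name of inode $2 on the filesystem rooted at $1, to locate the
# extra links reported by suid_multilink (for example one placed in a
# user-writable directory).
names_for_inode() {
    find "$1" -xdev -inum "$2" -print 2>/dev/null
}

# Usage: sh audit.sh /usr   (audits the filesystem containing /usr)
if [ "$#" -gt 0 ]; then
    hardlink_policy
    suid_multilink "$1"
fi
```

A setuid binary with an extra name in a directory its owner does not control is worth investigating, because the extra link keeps the old binary reachable after the original path is replaced by an update.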