Bill Moran wrote:
> http://people.collaborativefusion.com/~wmoran/code/jailme.html
> 
> Feedback is appreciated.

Be very very careful.  Both chroot(2) and jail(2) can only be called by
root, and for very good reasons.  Unprivileged users can create hardlinks
to files which they don't own, including setuid root binaries; but these
binaries will probably not operate correctly inside a jail of an attacker's
construction (e.g., which contains a root password of "r00tmeplz").  The
attacker can thus obtain jailed root privileges, create all the setuid
root binaries he wants, and then run them from outside of the jail to
obtain root privileges in the host machine.

The fact that you're calling jail_attach(2) instead of jail(2) makes me
slightly less worried, but you'd still have to work very hard to convince
me that this should become part of the FreeBSD base system.

Colin Percival
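The risk described above (hardlinked setuid binaries, and a jail tree that is also reachable from outside it) can be checked for before an unprivileged user is ever attached to a jail. The following is an added illustration, not code from jailme or from this thread; it assumes the tool knows the uid of the user who built the tree and treats anything that user does not own, anything setuid/setgid, and any multiply-linked file as grounds to refuse.

```python
import os
import stat
import tempfile

SETUID_BITS = stat.S_ISUID | stat.S_ISGID

def audit_jail_tree(root, builder_uid):
    """Walk a user-built jail root and return (path, reason) pairs for anything
    that makes it unsafe to hand that user root inside it: setuid/setgid files,
    hardlinked files (same inode reachable from outside the jail), and files the
    builder does not own (an unprivileged user gets those in only by hardlink)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink resolves inside the jail; its own bits are moot
            if stat.S_ISREG(st.st_mode):
                if st.st_mode & SETUID_BITS:
                    findings.append((path, "setuid/setgid bit set"))
                if st.st_nlink > 1:
                    findings.append((path, "hardlinked (nlink=%d)" % st.st_nlink))
            if st.st_uid != builder_uid:
                findings.append((path, "owned by uid %d, not the builder" % st.st_uid))
    return findings

def build_demo_tree(base):
    """Constructed sample: a plain shell, a setuid 'su', and a passwd file
    hardlinked under a second name (all contents are placeholders)."""
    root = os.path.join(base, "jail")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "etc"))
    for rel, mode in (("bin/sh", 0o755), ("bin/su", 0o4755), ("etc/passwd", 0o644)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.link(os.path.join(root, "etc/passwd"), os.path.join(root, "etc/master.passwd"))
    return root

def demo(pretend_foreign=False):
    """Audit the sample tree in a temp dir; return sorted (relpath, reason) pairs.
    pretend_foreign audits as a different uid, so every entry reads as foreign."""
    with tempfile.TemporaryDirectory() as base:
        root = build_demo_tree(base)
        uid = os.getuid() + (1 if pretend_foreign else 0)
        return sorted((os.path.relpath(p, root), why) for p, why in audit_jail_tree(root, uid))
```

A tool that refuses any tree with findings, and mounts the jail filesystem nosuid besides, closes both directions of the problem: nothing setuid gets in, and nothing the jailed root creates is honoured outside.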
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"