Hey all, I think that there should be a warning (on the jail man page or handbook page perhaps), on setuid in jails. Ex:
John <-- user on the (host) server

I give John root access to a jail (just for him to play with), and he then sets vi (for example) to setuid root. He then sshs into the host, and uses

$ /usr/jail/johnsandbox/usr/bin/vi /usr/local/etc/sudoers

He now has root!

Am I completely thick not to have noticed this, or should there be a warning about people being allowed to have root in a jail where they have unprivileged access to the host?

Or have I missed the point of a jail?

Regards
Chris

--
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > (sendmail.cf)
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
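
The exposure described in the post, checked from the host side, as an added example that is not part of the original message: the script lists setuid/setgid files under a jail root and reports whether unprivileged host users can traverse into that root. The function names are made up for this example, and the jail path is whatever you pass as the first argument.

```shell
#!/bin/sh
# Added example: audit a jail tree from the host's point of view.
# Function names are hypothetical; the jail root is supplied by the caller.

# Print every setuid or setgid regular file under the given jail root.
# -xdev keeps the walk on the jail's own filesystem.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Succeed if the "other" execute bit is set on the directory itself, i.e.
# host users outside the owner and group can traverse into it.
# Assumption: plain mode bits only; ACLs and parent directories are not checked.
world_traversable() {
    [ -n "$(find "$1" -prune -type d -perm -0001 -print 2>/dev/null)" ]
}

# Report on one jail root. Returns 1 when setid files inside the jail are
# reachable by unprivileged host users, 0 otherwise.
audit_jail_root() {
    root=$1
    hits=$(list_setid_files "$root")
    if [ -z "$hits" ]; then
        echo "OK: no setuid/setgid files under $root"
        return 0
    fi
    if world_traversable "$root"; then
        echo "EXPOSED: $root is world-traversable and contains:"
        echo "$hits"
        return 1
    fi
    echo "CONTAINED: setid files exist, but $root is not world-traversable"
    return 0
}

# Run the audit only when a jail root was given on the command line.
if [ "$#" -gt 0 ]; then
    audit_jail_root "$1"
fi
```

When a root is reported as EXPOSED, a common mitigation is to keep jail roots under a root-owned directory with mode 0700, so that host users cannot reach binaries inside the jail.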
