On 3/5/2014 4:39 PM, Xin Li wrote: > This is NOT a problem with jail. For starters, it's very bad idea to > give out host shell account, privileged or not, to jail users if they > are not trusted. Let's consider this scenario: > > jail$ su -l > jail# cp /usr/bin/less /bin/root_shell > jail# chown root:wheel /bin/root_shell > jail# chmod 6555 /bin/root_shell > jail# logout > jail$ logout > > Then, you basically have a setuid binary that can be reached from host > system. As an attacker I would do: > > host$ /path/to/jail/bin/root_shell That's an important point: jails are good for their *own* security, but they make the base system insecure for allowing untrusted users. I can see user accounts for the admin's own use (likely the condition that was originally reported), but that's the only account I would consider allowing. - Jamie _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"