search for: jailed

Displaying 20 results from an estimated 777 matches for "jailed".

Did you mean: failed
2013 Feb 12
2
problem stoping jails with jail(8), jail.conf and mount.fstab
Hello, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! But I have one problem: If I want to stop a jail with 'jaill -r jailname', I get "umount: unmount of /.jail.jailname failed: Device busy" It seems to me that the order of fstab.jailname entries are not reverted by jail(8) when shutting down/umounting. My C skills
2006 Dec 19
3
/etc/rc.d/jail: losing IPs if jail_x_interface set and syntax error in jails /etc/rc?
Hi *, I recently triggered an error when setting up a jail-host: I configured the jail(s) like evry jail I set up in the past: On the jail-hosts /etc/rc.conf: # ---- Jail-Globals ---- jail_enable="YES" # Set to NO to disable starting of any jails jail_list="ftp mx1 relay" # Space separated list of names of jails
2006 Mar 07
3
Jails and loopback interfaces
Hi, Running: Freebsd 6.0 I am wondering if it is possible to have acces to loopback ip in a jail. I currently have a server running a jail. In the jail, there is a database and a web server. I would like to be able to have the database only bind on a loopback address and not on the jail's ip. Can this be done and how? Thanks -Cyril
2003 Jul 10
2
jail performance questions
I'm thinking of using jails to improve security on a server I am setting up. Specifically, I would like to put Apache/PHP in a jail, but I might like to set up 2-3 different jails for different purposes. I've found several examples showing how to set the jails up. My questions involve system requirements. Assuming plenty of disk space, 1GB ram and a dual processor PIII 1.13Ghz
2006 May 04
3
Jails and loopback interfaces
> I recently did something like this. I have a webserver in a jail that > needs to talk to a database, and the webserver is the only thing that > should talk to the databse. > My solution was to use 2 jails: one for the webserver, and another for the > database. > Jail 1: > * runs webserver > * binds to real interface with real, routable IP > Jail 2: > *
2011 May 06
6
Rooting FreeBSD , Privilege Escalation using Jails (Pétur)
I read this (http://www.petur.eu/blog/?p=459) blog post today. It's about that a remote user with root privilegs to a FreeBSD jail & user privileges to the jails host machine can obtain root privileges on the host machine. Can someone confirm if this bugg/exploit works?
2007 Jan 11
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
...quot;symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges. Similarly, by changing directory mount points inside the jail file system structure into symbolic links, it may be possible for a jailed attacker to mount file systems which were meant to be mounted inside the jail at arbitrary points in the host file system structure, or to...
2007 Aug 01
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED]
...quot;symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges. Similarly, by changing directory mount points inside the jail file system structure into symbolic links, it may be possible for a jailed attacker to mount file systems which were meant to be mounted inside the jail at arbitrary points in the host file system structure, or to...
2007 Aug 01
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED]
...quot;symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges. Similarly, by changing directory mount points inside the jail file system structure into symbolic links, it may be possible for a jailed attacker to mount file systems which were meant to be mounted inside the jail at arbitrary points in the host file system structure, or to...
2003 Jul 12
5
jails, ipfilter & stunnel
...nd am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another jailed server will run mail services (pop, smtp, imap). If I want to allow users to use web based email(over ssl of course), the web server will have to communicate with the mail server. Is there a chance of "information leakage" in this type of setup? Finally, I'd like to use SSL t...
2007 Jan 11
2
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
...quot;symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges. Similarly, by changing directory mount points inside the jail file system structure into symbolic links, it may be possible for a jailed attacker to mount file systems which were meant to be mounted inside the jail at arbitrary points in the host file system structure, or to...
2003 Sep 10
2
jail + postgresql + System V IPC
...but can be enabled by setting this MIB entry to 1. Reading this it sounds like setting jail.sysvipc_allowed=1 is a bad idea? So I guess my question is, whether it is a big security risk to run postgresql in a jail? And what if I am running postgresql in both the host environment and the jailed environment? Will I bee asking for troubles? I managed to get things running, and so far I haven't had problems, but I was wondering if it is safe to run postgresql + jail. I have seen an ISP offering freebsd jails, and they have a list regarding downsides of running jail (such as you can't...
2013 Feb 15
1
mount lag, umounting returns wrong "Device busy"
Hello, while playing with new jail features, I recognized that manually umounting doesn't work as I'd expect. After jail has been destroyed, the following mountpoint is active: /dev/gpt/jailname1ROOT on /.jail.jailname1 (ufs, local, read-only) There was var mounted to /.jail.jailname1/var but that sucessfully umounted. 'fstat' also shows no open files in /.jail.jailname1 But
2003 May 21
1
netstat/ipcs inside jail
Hi, i've got this problem with my jail and i'm abolutly lost as in the why of it. I previously posted this on comp.unix.bsd.freebsd.misc but i was advised to send here I was unable to find help on google :( To resume quick, when i'm in a jail, netstat doesn't work properly. Hopefully i have provided sufficient information for anyone willing to help me :p First of all, my system :
2003 Aug 05
6
Problems with JAIL in 4.8R
Hi, i've set the outside ip for the jail..It works.. When i try to ssh to jail'ed system from the main system (in which is created jail) the connection is successful, but when i try to connect to jailed system from anywhere else i get this message: ssh: connect to host IP_NUMBER port 22: Operation timed out What can be wrong here? How to solve this problem?
2006 Apr 13
1
Prototyping for basejail distribuition
Hi, I attach 2 files in this email, the first is a Makefile and the second is jail.conf. For demonstre my idea i resolved create one "Pseudo Prototyping", for test is necessary: 1 - Create dir /usr/local/basejail 2 - Copy Makefile to /usr/local/basejail 3 - Copy jail.conf to /etc 4 - The initial basejail is precompiled is distributed in CD1, for simular basejail is necessary a
2019 Nov 13
2
"samba-tool backup offline" stuck
On 2019-11-13 09:30, Andrew Bartlett wrote: > Regarding your problem, on linux I use lslocks to debug from here, you > can normally work out which process is holding the lock, which lock it > is waiting on (if any, marked with a *) and gdb that to work out what > is the matter with it, and perhaps why it is in that situation. Hmm... I have no lslocks on FreeBSD; will lsof do? In
2004 Sep 07
6
shorewall in chroot jail
Hello, I would like to run other services like messaging services on my firewall machine too. Does it make sense to run shorewall, openvpn and the pppoe package in a chroot jail? And is it possible to run these programs as an other user? Ciao Hugo
2009 Jan 08
2
Problems with network in jail
Hi all, Is it mandatory to add device mem to jails to enable network via the gateway? Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server) and am now starting again with FreeBSD-7.1. Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails on 7.0). After creating the jail with `ezjail-admin update -i` I created a 'ports build' jail `ezjail-admin
2005 Jul 14
2
[ronvdaal@zarathustra.linux666.com: Possible security issue with FreeBSD 5.4 jailing and BPF]
This message was sent to bugtraq today: While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscious mode from within the jailed environment, allowing a packetsniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x This can be reproduced on boxes where BPF support is enabled in the kernel and a BPF device is available in the jail (badly configured devfs/no rules) The...