similar to: Rooting FreeBSD , Privilege Escalation using Jails (Pétur)

Displaying 20 results from an estimated 3000 matches similar to: "Rooting FreeBSD , Privilege Escalation using Jails (Pétur)"

2011 Apr 20
4
bad email address
Every time I send a message to this list, I get a bounced email reply from some Russian exchange server for email address xlino@bvpress.ru. Is there an admin or a moderator for this list that can remove that email address from the list? Rob
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another
2013 Feb 12
2
problem stoping jails with jail(8), jail.conf and mount.fstab
Hello, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! But I have one problem: If I want to stop a jail with 'jaill -r jailname', I get "umount: unmount of /.jail.jailname failed: Device busy" It seems to me that the order of fstab.jailname entries are not reverted by jail(8) when shutting down/umounting. My C skills
2003 Jul 10
2
jail performance questions
I'm thinking of using jails to improve security on a server I am setting up. Specifically, I would like to put Apache/PHP in a jail, but I might like to set up 2-3 different jails for different purposes. I've found several examples showing how to set the jails up. My questions involve system requirements. Assuming plenty of disk space, 1GB ram and a dual processor PIII 1.13Ghz
2008 Mar 28
3
Mounting devfs over to ZFS from fstab fails
Hello, I have some jails running on ZFS, so I have to mount devfs's into them. For this purpose, I have some similar lines in /etc/fstab: devfs /pool/jail/ldap/dev devfs rw 0 0 Where /pool is a ZFS filesystem. This has worked until today -when I upgraded from a previous 7-STABLE (FreeBSD 7.0-STABLE #16: Fri Mar 7 14:30:08 CET 2008) to today's STABLE- but not
2003 Sep 18
2
Patching jails
I'm going to apply the ssh patch. Applying it to the "real" server seems straightforward enough, but I'm wondering what the right procedure is to apply this patch to my jailed servers.
2005 Aug 18
4
Closing information leaks in jails?
Hello, I'm wondering about closing some information leaks in FreeBSD jails from the "outside world". Not that critical (depends on the application), but a simple user, with restricted devfs in the jail (devfsrules_jail for example from /etc/defaults/devfs.rules) can figure out the following: - network interfaces related data, via ifconfig, which contains everything, but the
2006 May 04
3
Jails and loopback interfaces
> I recently did something like this. I have a webserver in a jail that > needs to talk to a database, and the webserver is the only thing that > should talk to the databse. > My solution was to use 2 jails: one for the webserver, and another for the > database. > Jail 1: > * runs webserver > * binds to real interface with real, routable IP > Jail 2: > *
2003 Sep 10
2
jail + postgresql + System V IPC
HI everyone, I have resently installed a jail environment on my freebsd box, and had some problems getting postgresql running under it. After looking a bit on various mailinglists i figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not
2004 Apr 20
1
[patch] Raw sockets in jails
Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so
2017 Oct 24
3
scp setup jailed chroot on Centos7
-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a
2019 Feb 18
4
Troubles upgrading jailed DC from 4.8.7 to 4.8.9
On 2/17/19 8:18 PM, Rowland Penny via samba wrote: > Possible things to check: > Is the ip for vlan1 10.1.2.34 ? Sure. It's the only IP vlan1 has inside the jail; it's shown as an alias on the base host. > Try just setting 'vlan1' You mean change "interfaces=vlan1 10.1.2.34/24" to just "interfaces=vlan1"? It doesn't change anything (still
2012 Apr 28
5
Restricting users from certain privileges
Hi: I could not figure out how to restrict users or other users from certain privileges to execute certain commands in FreeBSD/NanoBSD? What I meant is I want to create a NanoBSD image in which there will be an additional user, say 'admin'. I need to give this new user (admin) some privileges to run some root-can-only-execute commands, but not all (ACL similar to the firmwares in adsl
2003 Aug 05
6
Problems with JAIL in 4.8R
Hi, i've set the outside ip for the jail..It works.. When i try to ssh to jail'ed system from the main system (in which is created jail) the connection is successful, but when i try to connect to jailed system from anywhere else i get this message: ssh: connect to host IP_NUMBER port 22: Operation timed out What can be wrong here? How to solve this problem?
2012 Jun 12
1
[0x721427d8@gmail.com: [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation]
FYI I verified this on a working system. ----- Forwarded message from 0x721427D8 0x721427D8 <0x721427d8@gmail.com> ----- Date: Sun, 10 Jun 2012 15:02:43 +0200 From: 0x721427D8 0x721427D8 <0x721427d8@gmail.com> To: bugtraq@securityfocus.com Subject: [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation [php<=5.4.3] Parsing Bug in PHP PDO
2004 May 17
4
Multi-User Security
Hello list. I would like to get your opinion on what is a safe multi-user environment. The scenario: We would like to offer to some customers of ours some sort of network backup/archive. They would put daily or weekly backups from their local machine on our server using rsync and SSH. Therefore, they all have a user account on our server. However, we must ensure that they would absolutely not be
2005 Jan 11
1
Possible security issue with jails
Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those
2015 Jul 11
1
Problem with Samba 4.2/FreeBSD10.1
On 11/07/15 10:16, Rowland Penny wrote: > On 11/07/15 04:06, Lee Brown wrote: >> Hi Everyone, my first foray into Samba and AD both. >> >> Not sure if this is an OS or configuration problem. I've found similar >> issues, but nothing either recent enough (is related to samba 3) or >> close >> enough. >> >> FreeBSD-10.1-RELENG, Samba 4.2.2.
2007 Jan 11
2
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:01.jail Security Advisory The FreeBSD Project Topic: Jail rc.d script privilege escalation Category: core Module: etc_rc.d Announced:
2013 Feb 15
1
mount lag, umounting returns wrong "Device busy"
Hello, while playing with new jail features, I recognized that manually umounting doesn't work as I'd expect. After jail has been destroyed, the following mountpoint is active: /dev/gpt/jailname1ROOT on /.jail.jailname1 (ufs, local, read-only) There was var mounted to /.jail.jailname1/var but that sucessfully umounted. 'fstat' also shows no open files in /.jail.jailname1 But