similar to: Rooting FreeBSD , Privilege Escalation using Jails (Pétur)

Every time I send a message to this list, I get a bounced email reply from some Russian exchange server for email address xlino@bvpress.ru. Is there an admin or a moderator for this list that can remove that email address from the list? Rob

I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another

Hello, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! But I have one problem: If I want to stop a jail with 'jaill -r jailname', I get "umount: unmount of /.jail.jailname failed: Device busy" It seems to me that the order of fstab.jailname entries are not reverted by jail(8) when shutting down/umounting. My C skills

I'm thinking of using jails to improve security on a server I am setting up. Specifically, I would like to put Apache/PHP in a jail, but I might like to set up 2-3 different jails for different purposes. I've found several examples showing how to set the jails up. My questions involve system requirements. Assuming plenty of disk space, 1GB ram and a dual processor PIII 1.13Ghz

Hello, I have some jails running on ZFS, so I have to mount devfs's into them. For this purpose, I have some similar lines in /etc/fstab: devfs /pool/jail/ldap/dev devfs rw 0 0 Where /pool is a ZFS filesystem. This has worked until today -when I upgraded from a previous 7-STABLE (FreeBSD 7.0-STABLE #16: Fri Mar 7 14:30:08 CET 2008) to today's STABLE- but not

I'm going to apply the ssh patch. Applying it to the "real" server seems straightforward enough, but I'm wondering what the right procedure is to apply this patch to my jailed servers.

Hello, I'm wondering about closing some information leaks in FreeBSD jails from the "outside world". Not that critical (depends on the application), but a simple user, with restricted devfs in the jail (devfsrules_jail for example from /etc/defaults/devfs.rules) can figure out the following: - network interfaces related data, via ifconfig, which contains everything, but the

> I recently did something like this. I have a webserver in a jail that > needs to talk to a database, and the webserver is the only thing that > should talk to the databse. > My solution was to use 2 jails: one for the webserver, and another for the > database. > Jail 1: > * runs webserver > * binds to real interface with real, routable IP > Jail 2: > *

HI everyone, I have resently installed a jail environment on my freebsd box, and had some problems getting postgresql running under it. After looking a bit on various mailinglists i figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not

Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so

-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a

On 2/17/19 8:18 PM, Rowland Penny via samba wrote: > Possible things to check: > Is the ip for vlan1 10.1.2.34 ? Sure. It's the only IP vlan1 has inside the jail; it's shown as an alias on the base host. > Try just setting 'vlan1' You mean change "interfaces=vlan1 10.1.2.34/24" to just "interfaces=vlan1"? It doesn't change anything (still

Hi: I could not figure out how to restrict users or other users from certain privileges to execute certain commands in FreeBSD/NanoBSD? What I meant is I want to create a NanoBSD image in which there will be an additional user, say 'admin'. I need to give this new user (admin) some privileges to run some root-can-only-execute commands, but not all (ACL similar to the firmwares in adsl

Hi, i've set the outside ip for the jail..It works.. When i try to ssh to jail'ed system from the main system (in which is created jail) the connection is successful, but when i try to connect to jailed system from anywhere else i get this message: ssh: connect to host IP_NUMBER port 22: Operation timed out What can be wrong here? How to solve this problem?

Hello list. I would like to get your opinion on what is a safe multi-user environment. The scenario: We would like to offer to some customers of ours some sort of network backup/archive. They would put daily or weekly backups from their local machine on our server using rsync and SSH. Therefore, they all have a user account on our server. However, we must ensure that they would absolutely not be

FYI I verified this on a working system. ----- Forwarded message from 0x721427D8 0x721427D8 <0x721427d8@gmail.com> ----- Date: Sun, 10 Jun 2012 15:02:43 +0200 From: 0x721427D8 0x721427D8 <0x721427d8@gmail.com> To: bugtraq@securityfocus.com Subject: [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation [php<=5.4.3] Parsing Bug in PHP PDO

Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those

On 11/07/15 10:16, Rowland Penny wrote: > On 11/07/15 04:06, Lee Brown wrote: >> Hi Everyone, my first foray into Samba and AD both. >> >> Not sure if this is an OS or configuration problem. I've found similar >> issues, but nothing either recent enough (is related to samba 3) or >> close >> enough. >> >> FreeBSD-10.1-RELENG, Samba 4.2.2.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:01.jail Security Advisory The FreeBSD Project Topic: Jail rc.d script privilege escalation Category: core Module: etc_rc.d Announced:

Hello, while playing with new jail features, I recognized that manually umounting doesn't work as I'd expect. After jail has been destroyed, the following mountpoint is active: /dev/gpt/jailname1ROOT on /.jail.jailname1 (ufs, local, read-only) There was var mounted to /.jail.jailname1/var but that sucessfully umounted. 'fstat' also shows no open files in /.jail.jailname1 But