FreeBSD Jails Security (vermaden.wordpress.com)
19 points by rbanffy 8 months ago | 5 comments
bell-cot 8 months ago | parent | next [-]

Worth noting, for those unfamiliar:

Similar to a real-world prison, an "inescapable" FreeBSD jail may be easy to break out of, if you have help from the guards & staff. In particular, `man jail` warns against an easy route for a jailed root user to, with a quick assist from a low-privilege user on the host system, gain root on the host. So if the security is lax within one of your jails, because "it's all locked in a jail, they can't do much" - yeah.

soupbowl 8 months ago | parent [-]

A low-privilege user that has access to the jails' root directories? That server is set up pretty poorly.

bell-cot 8 months ago | parent [-]

> is set up pretty poorly.

Arguably true. But IRL, there can be all sorts of reasons for some user(s) to have access to /jails/prison_n/ - including limited supplies of time and skill when the host system was set up, or later modified.

soupbowl 8 months ago | parent [-]

Indeed. Just as a Linux admin could do something silly with Docker volumes or literally anything on any server platform.

8 months ago | parent | prev [-]
[deleted]
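
The exposure discussed in this thread (an unprivileged host user able to reach a jail's root directory such as /jails/prison_n/) can be audited from the host. The script below is an added example, not part of the thread or the linked article. It assumes "access" means that every directory from / down to the jail root grants search permission to "other"; group membership and ACLs are not considered, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a jail root directory is reachable by
# unprivileged host users. Assumption: a path is reachable when every
# component from / down to it has the "other" search (x) bit set.

# other_can_search DIR -> 0 if DIR is a directory searchable by "other"
other_can_search() {
    # First 10 characters of the ls mode string, e.g. drwxr-xr-x
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        d????????[xt]) return 0 ;;   # x, or t (sticky bit plus x)
        *)             return 1 ;;   # -, T (sticky without x), or unreadable
    esac
}

# jail_root_exposed PATH -> prints a verdict.
# Returns 0 if exposed, 1 if some component blocks "other", 2 on error.
jail_root_exposed() {
    # Resolve symlinks so the walk follows the physical path
    dir=$(cd -P -- "$1" 2>/dev/null && pwd -P) || {
        echo "ERROR $1: not an accessible directory"
        return 2
    }
    p=$dir
    while :; do
        if ! other_can_search "$p"; then
            echo "OK $dir: blocked at $p"
            return 1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    echo "EXPOSED $dir: every path component is searchable by other"
    return 0
}

# Stand-alone use: pass one or more jail root paths as arguments
for j in "$@"; do
    jail_root_exposed "$j" || :
done
```

On a FreeBSD host the arguments can be the jail root paths printed by `jls path`. An `OK` verdict names the directory that stops unprivileged traversal, for example a parent directory with mode 0700.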