Full Disclosure mailing list archives
Re: Possible security issue with FreeBSD 5.4 jailing and BPF
From: "Simon L. Nielsen" <simon () FreeBSD org>
Date: Tue, 12 Jul 2005 12:37:47 +0200
On 2005.07.11 23:54:15 +0200, ronvdaal wrote:
While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscuous mode from within the jailed environment, allowing a packet sniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x. This can be reproduced on boxes where BPF support is enabled in the kernel and a BPF device is available in the jail (badly configured devfs/no rules).
[...]
Usage of devfs rulesets is highly recommended as stated in the manpages. Though a misconfiguration at this point would expose a big security issue. The question is: should bpfopen() in bpf.c check for a jailed proc or not?
This is not really a security bug since, as stated in the jail(8) manual, you should use devfs rulesets if you are using jails as a security measure. Exposing a complete /dev file-system inside a jail is a bad idea security-wise, not just with regards to BPF.

--
Simon L. Nielsen
FreeBSD Security Team
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
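Added example, not part of the original thread or of FreeBSD: a small audit that lists device nodes visible in a jail's /dev which a restrictive devfs ruleset would hide. Only `bpf*` comes from the thread; the other names in the pattern list, the function names and the demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag device nodes exposed inside a jail's /dev.
# Assumption: bpf* is from the thread; mem, kmem and io are illustrative
# additions for the "complete /dev in a jail" case.
SENSITIVE_PATTERNS='bpf* mem kmem io'

# exposed_nodes DEVDIR -> prints one exposed node name per line
exposed_nodes() {
    devdir=$1
    [ -d "$devdir" ] || { echo "not a directory: $devdir" >&2; return 2; }
    (
        cd "$devdir" || exit 2
        # Unquoted on purpose: the patterns glob against DEVDIR.
        for node in $SENSITIVE_PATTERNS; do
            # An unmatched pattern stays literal; -e filters it out.
            if [ -e "$node" ]; then
                echo "$node"
            fi
        done
    )
}

# audit_jail_dev DEVDIR -> 0 if nothing sensitive is visible, 1 if exposed
audit_jail_dev() {
    found=$(exposed_nodes "$1") || return 2
    if [ -n "$found" ]; then
        echo "$1 exposes:" $found
        return 1
    fi
    echo "$1: no sensitive nodes visible"
    return 0
}

# Constructed demo: a fake /dev tree standing in for a jail without devfs rules.
demo=$(mktemp -d)
touch "$demo/null" "$demo/zero" "$demo/bpf0" "$demo/bpf1" "$demo/mem"
audit_jail_dev "$demo" || echo "audit status: $?"
rm -rf "$demo"
```

On a real host the argument would be the devfs mount point of each jail; a non-zero status means the jail's devfs ruleset should be reviewed.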