[hobbit] Issues with hobbitd loading

Henrik Stoerner henrik at hswn.dk
Wed Apr 11 17:37:50 CEST 2007


Hi Don,

On Tue, Apr 10, 2007 at 09:28:56AM -0400, Don Munyak wrote:
> Aside from the obvious "Processes in jail can use System V IPC
> primitives", what does this mean in terms of security?
> I understand that should a jail get hacked, the hacker can use System
> V IPC primitives. How and to what extent?

I'm not very familiar with FreeBSD, so you're probably better off asking
someone else. But I'd suspect that the SysV IPC mechanisms may not be
constrained inside the jail, so that a jailed process can connect to a
shared memory segment which was created outside the jail.

And likewise, a process outside the Hobbit jail may be able to access
the shared memory segments that Hobbit sets up inside the jail.

You can try this: Start Hobbit inside the jail. From outside the jail,
try running (as root) "ipcs -m". If this lists a handful of shared
memory segments owned by the Hobbit userid, then the shared memory that
Hobbit has set up inside the jail is also visible outside the jail.


From a security perspective, I guess the main risk involved is that
of having a channel that can be used to leak information via a
shared memory segment from inside the jail to outside the jail.


Regards,
Henrik
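
The "ipcs -m" check described in the message above, as an added example that is not part of the original post: it filters the listing for segments owned by the monitoring user and marks which of them have read or write bits set for "other" users. The FreeBSD-style column layout, the user name "hobbit" and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD-style `ipcs -m` output (not captured from a real host).
sample_ipcs() {
cat <<'EOF'
Shared Memory:
T           ID          KEY MODE        OWNER    GROUP
m        65536      5432001 --rw------- pgsql    pgsql
m        65537     16842753 --rw-rw---- hobbit   hobbit
m        65538     16842754 --rw-rw-rw- hobbit   hobbit
EOF
}

# Read `ipcs -m` text on stdin and list the shared memory segments owned by
# the user given as $1. Prints one line per segment: "<id> <mode> <exposure>".
# Exposure is WORLD when the "other" permission bits allow read or write,
# otherwise OWNER/GROUP.
# Assumed layout: T, ID, KEY, MODE, OWNER, GROUP, where MODE is 11 characters
# (2 flag characters followed by owner, group and other permission triplets).
hobbit_segments() {
    awk -v user="$1" '
        $1 == "m" && $5 == user {
            other = substr($4, 9, 3)   # last triplet = permissions for "other"
            exposure = (other ~ /[rw]/) ? "WORLD" : "OWNER/GROUP"
            print $2, $4, exposure
        }'
}

# Demonstration on the constructed sample. On the host outside the jail,
# run as root:  ipcs -m | hobbit_segments hobbit
sample_ipcs | hobbit_segments hobbit
```

Any line printed when this is run on the host outside the jail means the segments created inside the jail are visible there.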



