FreeBSD: Escaping a jailed environment
Science and Technology
In this video I will show why you should not run services inside a jail as the root user. In short: if an attacker has access to the main system (through SSH, a shell, a broken app, whatever...) and is also able to break into the jail and get root inside it, then they are just a few steps away from getting a root shell on the main machine!
This video is supposed to be instructional and its aim is to raise awareness about the need to properly configure and harden your systems! If you misuse the information hereby provided, you do so at your own risk!
NOTE: unfortunately, I had the "brilliant" idea to use a terminal with a red background color to visually show when I was running commands as root on the main machine. This idea has backfired, as the color that I have chosen is horrible to the eyes... This is my 14th video... so, I am still learning... and mistakes happen...
In any case, I hope you enjoy the content and have a great day :-)
Comments: 17
I started to watch this at work and my phone and didn't think the red was too bad, then I got home and watched the rest ... yeah I see what you mean. Nice video.
@BSDJedi
A month ago
Yes... I am still learning a lot on how to make these videos good quality. Thanks for the nice comment :-)
@Kolor-kode
A month ago
@@BSDJedi and it's appreciated. Used to use OpenBSD back in the day (whenever that openssh auth bypass by Gobbles came out) and more recently Nomad and Ghost spins but thinking it's time to format the laptop.
Nice video! I saw that video on FreeBSD discord. Thank you.
@BSDJedi
A month ago
Cool. Nice that you stopped by :-) and thank you for the comment.
Setuid is a feature from another era where security was not as big of a concern. I'd recommend turning it off on the filesystem level. A similar exploit exists with NFS. So never mount NFS and allow setuid as you could get done by root on another machine becoming root on your machine. I need to play with jails. Looks fairly straightforward.
@vk3fbab
A month ago
Also great work and don't worry too much about the red. I'm just glad you're making content about the wonderful OS that is FreeBSD. Red is a great FreeBSD colour.
@BSDJedi
A month ago
Cool. I did not know about the NFS thingy - but it only makes sense. In my understanding, jails are "glorified chroot's" - but don't quote me on that :-) Yes they are really really nice but, as with everything, if someone uses this technology, they should know what they are doing...
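As an added example (not from the video or from any commenter), the "turn setuid off at the filesystem level" advice in the thread above can be audited from the host: the first function reads FreeBSD `mount` output and reports jail filesystems mounted without `nosuid`, the second lists setuid/setgid files under a directory. The `/usr/jails` path and the sample mount lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the video). /usr/jails and the sample data below
# are constructed assumptions; adjust them to your own jail layout.

# Read FreeBSD `mount` output on stdin, one filesystem per line:
#   <device> on <mountpoint> (<type>, <option>, ...)
# Print every mount point at or below $1 that lacks the nosuid option.
mounts_missing_nosuid() {
    prefix=${1%/}
    while IFS= read -r line; do
        rest=${line#* on }          # "<mountpoint> (<type>, <option>, ...)"
        mp=${rest%" ("*}            # mount point
        opts=${rest##*" ("}         # option list without the parentheses
        opts=${opts%")"}
        case "$mp" in
            "$prefix"|"$prefix"/*) ;;   # inside the audited tree
            *) continue ;;              # e.g. /usr/jails2 is not under /usr/jails
        esac
        case ", $opts," in
            *", nosuid,"*) ;;           # setuid bits are not honoured here
            *) printf '%s\n' "$mp" ;;
        esac
    done
}

# List regular files under $1 that carry the setuid or setgid bit.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Constructed sample in the format printed by FreeBSD's mount(8).
sample_mounts() {
    cat <<'EOF'
zroot/ROOT/default on / (zfs, local, noatime, nfsv4acls)
zroot/jails/www on /usr/jails/www (zfs, local, noatime, nfsv4acls)
zroot/jails/db on /usr/jails/db (zfs, local, noatime, nosuid, nfsv4acls)
fileserver:/export/db on /usr/jails/db/data (nfs)
zroot/jails2 on /usr/jails2 (zfs, local)
EOF
}

echo "Mounted without nosuid under /usr/jails:"
sample_mounts | mounts_missing_nosuid /usr/jails
```

On a real host, run `mount | mounts_missing_nosuid /usr/jails` and `setid_files` on each jail root, substituting your own jail directory.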
Many thanks for sharing. For the red colour, I think the idea is excellent except that it is too red. What about black-on-white for users, and black-on-pink for root? Alternatively, can we have terminals bordered with different colours?
@BSDJedi
A month ago
That is a great suggestion with the bordered colors - I (currently) do not know how to do it, but will for sure investigate it because that would be the optimal solution, IMHO :-)
Can you show the demo on CVE-2020-25584, i.e. how to escape from the jail?
@BSDJedi
A month ago
Thank you - nice one - I was not aware of this... :-) Always learning... I will check it out and if I can easily reproduce, I might go for a video...
@Cyber-wt9kh
A month ago
@@BSDJedi have you checked?
@BSDJedi
A month ago
Hi. Yes, I have checked the problem, but until now I could not reproduce the issue, and could not find any source with a good PoC. Still investigating if I can do it, in some free time I have, but looks a bit difficult to get it done. Last time I tried to debug the kernel, to see if the method that I am using is somehow working. The description of the issue is very laconic, which is good - not only the (potential) issue has been fixed, but it makes it take much more effort for a potential attacker to reproduce it... If you have any information about a PoC, I would be glad to investigate further; otherwise it might just take time to get things all together.... :-(
@Cyber-wt9kh
A month ago
@@BSDJedi THANKS FOR THE REPLY
Red Terminal color is not good to read and follow your steps.
@BSDJedi
A month ago
Yes, I agree - had good intention, but at the end was a bad choice... I learned the lesson - next videos will not have red color in the terminal... in any case, I hope you liked the content... cheers!