FreeBSD: Escaping a jailed environment

Science & Technology

In this video I will show why you should not run services inside a jail as root user. In a short summary - if you have also access to the main system (through SSH, a shell, a broken app, whatever...), and are also able to break into the jail, getting root in the jail - then, an attacker is just a few steps away from getting a root shell into the main machine!
This video is supposed to be instructional and its aim is to raise awareness about the need to properly configure and harden your systems! If you misuse the information hereby provided, you do so at your own risk!
NOTE: unfortunately, I had the "brilliant" idea to use a terminal with a red color background to visually show when I was running commands as root in the main machine. This idea has backfired, as the color that I have chosen is horrible to the eyes... This is my 14th video... so, I am still learning... and mistakes happen...
In any case, I hope you enjoy the content and have a great day :-)
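The scenario in the description needs two things on the host: unprivileged users who can reach the jail's directory tree, and files in that tree whose ownership and mode bits are controlled by root inside the jail (the setuid bit raised in the comments is the relevant one). The following host-side audit is an added example, not code from the video or its author; the function names and the path in the last comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the video): host-side audit of a jail's directory tree.

# Print "restricted" if any directory from $1 up to $2 (default: /) denies
# traversal to "other" users, else "exposed". Group access is not evaluated.
jail_root_exposure() {
    dir=$1
    top=${2:-/}
    while :; do
        if [ -z "$(find "$dir" -maxdepth 0 -perm -0001 2>/dev/null)" ]; then
            echo restricted
            return 0
        fi
        parent=$(dirname "$dir")
        if [ "$dir" = "$top" ] || [ "$parent" = "$dir" ]; then
            break
        fi
        dir=$parent
    done
    echo exposed
}

# List regular files under $1 carrying the setuid or setgid bit.
# -xdev keeps the walk on one filesystem; repeat per mounted dataset.
jail_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Summarise one jail root; return 1 when set-id files are reachable by
# unprivileged host users, 2 on a bad path, 0 otherwise.
audit_jail_root() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    exposure=$(jail_root_exposure "$root" "${2:-/}")
    count=$(jail_setid_files "$root" | wc -l | tr -d ' ')
    echo "root=$root exposure=$exposure setid_files=$count"
    if [ "$exposure" = exposed ] && [ "$count" -gt 0 ]; then
        return 1
    fi
    return 0
}

# Example: audit_jail_root /usr/jails/web   (hypothetical path)
```

A return value of 1 means both conditions hold; removing traversal for other users on a parent directory of the jails changes the result to "restricted".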

Comments: 17

  • @Kolor-kode
    A month ago

    I started to watch this at work and my phone and didn't think the red was too bad, then I got home and watched the rest ... yeah I see what you mean. Nice video.

  • @BSDJedi
    A month ago

    Yes... I am still learning a lot on how to make these videos good quality. Thanks for the nice comment :-)

  • @Kolor-kode
    A month ago

    @BSDJedi and it's appreciated. Used to use OpenBSD back in the day (whenever that openssh auth bypass by Gobbles came out) and more recently Nomad and Ghost spins but thinking it's time to format the laptop.

  • @nxjoseph
    A month ago

    Nice video! I saw that video on FreeBSD discord. Thank you.

  • @BSDJedi
    A month ago

    Cool. Nice that you stopped by :-) and thank you for the comment.

  • @vk3fbab
    A month ago

    Setuid is a feature from another era where security was not as big of a concern. I'd recommend turning it off on the filesystem level. A similar exploit exists with NFS. So never mount NFS and allow setuid as you could get done by root on another machine becoming root on your machine. I need to play with jails. Looks fairly straightforward.

  • @vk3fbab
    A month ago

    Also great work and don't worry too much about the red. I'm just glad you're making content about the wonderful OS that is FreeBSD. Red is a great FreeBSD colour.

  • @BSDJedi
    A month ago

    Cool. I did not know about the NFS thingy - but it only makes sense. In my understanding, jails are "glorified chroot's" - but don't quote me on that :-) Yes they are really really nice but, as with everything, if someone uses this technology, they should know what they are doing...

  • @charray
    A month ago

    Many thanks for the sharing. For the red colour, I think the idea is excellent except that it is too red. What about black-on-white for users, and black-on-pink for root? Alternatively, can we have terminals bordered with different colours?

  • @BSDJedi
    A month ago

    That is a great suggestion with the bordered colors - I (currently) do not know how to do it, but will for sure investigate it because that would be the optimal solution, IMHO :-)

  • @Cyber-wt9kh
    A month ago

    Can you show the demo on CVE-2020-25584, i.e. how to escape from the jail?

  • @BSDJedi
    A month ago

    Thank you - nice one - I was not aware of this... :-) Always learning... I will check it out and if I can easily reproduce, I might go for a video...

  • @Cyber-wt9kh
    A month ago

    @BSDJedi have you checked?

  • @BSDJedi
    A month ago

    Hi. Yes, I have checked the problem, but until now I could not reproduce the issue, and could not find any source with a good PoC. Still investigating if I can do it, in some free time I have, but looks a bit difficult to get it done. Last time I tried to debug the kernel, to see if the method that I am using is somehow working. The description of the issue is very laconic, which is good - not only the (potential) issue has been fixed, but it makes it take much more effort for a potential attacker to reproduce it... If you have any information about a PoC, I would be glad to investigate further; otherwise it might just take time to get things all together.... :-(

  • @Cyber-wt9kh
    A month ago

    @BSDJedi THANKS FOR THE REPLY

  • @Shahinc0
    A month ago

    Red Terminal color is not good to read and follow your steps.

  • @BSDJedi
    A month ago

    Yes, I agree - had good intention, but at the end was a bad choice... I learned the lesson - next videos will not have red color in the terminal... in any case, I hope you liked the content... cheers!
