Hi Don,
On Tue, Apr 10, 2007 at 09:28:56AM -0400, Don Munyak wrote:
> Aside from the obvious "Processes in jail can use System V IPC primitives", what does this mean in terms of security? I understand that should a jail get hacked, the hacker can use system V IPC primitives. How and to what extent?
I'm not very familiar with FreeBSD, so you're probably better off asking someone else. But I'd suspect that the SysV IPC mechanisms may not be constrained inside the jail, so that a jailed process can connect to a shared memory segment which was created outside the jail.
And likewise, a process outside the Hobbit jail may be able to access the shared memory segments that Hobbit sets up inside the jail.
You can try this: Start Hobbit inside the jail. From outside the jail, try running (as root) "ipcs -m". If this lists a handful of shared memory segments owned by the Hobbit userid, then the shared memory that Hobbit has set up inside the jail is also visible outside the jail.
From a security perspective, I guess the main risk involved is that of having a channel that can be used to leak information via a shared memory segment from inside the jail to outside the jail.
Regards, Henrik
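
The check described in the message above, as an added example that is not part of the original e-mail: a filter that reads `ipcs -m` output and lists the segments owned by one userid, finding the columns from the header row so it handles both the FreeBSD and the Linux layouts. The account name `hobbit` and both sample listings are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. Usage on a live host (outside the jail, as root):
#   ipcs -m | shm_owned_by hobbit
# "hobbit" as the account name is an assumption; use the userid Hobbit runs as.

# Read `ipcs -m` output on stdin; print "ID MODE" for each segment owned by $1.
shm_owned_by() {
    awk -v user="$1" '
    {
        # A row containing the word OWNER is a header: learn the column layout.
        o = 0
        for (i = 1; i <= NF; i++) if (toupper($i) == "OWNER") o = i
        if (o) {
            own = o
            for (i = 1; i <= NF; i++) {
                f = toupper($i)
                if (f == "ID" || f == "SHMID") idc = i
                if (f == "MODE" || f == "PERMS") modec = i
            }
            next
        }
    }
    # Data rows: match the owner column exactly, not as a substring.
    own && NF >= own && $own == user { print $idc, $modec }
    '
}

# Constructed sample in the FreeBSD column layout (not captured from a real host).
SAMPLE_BSD='Shared Memory:
T           ID          KEY MODE        OWNER    GROUP
m        65536      1234567 --rw-------   hobbit   hobbit
m        65537      1234568 --rw-------   hobbit   hobbit
m        65538            0 --rw-rw-rw-     root    wheel'

# Constructed sample in the Linux column layout.
SAMPLE_LINUX='------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x0012d687 98304      hobbit     600        262144     3
0x00000000 98305      hobbits    600        4096       1          dest'

printf '%s\n' "$SAMPLE_BSD" | shm_owned_by hobbit
printf '%s\n' "$SAMPLE_LINUX" | shm_owned_by hobbit
```

Any line printed when this is run outside the jail is a segment that Hobbit created inside the jail and that is visible across the jail boundary.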