Greg Larkin wrote:
Erich Jenkins, Fuujin Group Ltd wrote:
Kalle Møller wrote:
<snip>
Could you please make a command list on what your doing and with
output.. like this ...
--
Kind regards
Kalle R. Møller
</snip>
Here's what I'm seeing:
jail0495> pwd
/usr/home/testuser
jail0495> ll
-rw------- 1 testuser rmtuser 1957 Apr 12 02:22 .history
drwxr--r-- 2 root wheel 1024 Apr 12 02:22 testdir
jail0495> users
testuser
jail0495> cd testdir
jail0495> ll
-rw-r--r-- 2 root wheel 4096 Apr 12 02:24 textfile.txt
jail0495> rm textfile.txt
override rw-r--r-- root/wheel for textfile.txt ? y
jail0495> ll
total 0
jail0495>
As you can see, this is of great concern.
Hi Erich,
I use jails extensively on my company systems here, so I am interested
in this problem. I set up a test environment that I believe mirrors yours:
jail54# pwd
/usr/home/glarkin
jail54# ls -al testdir
total 6
drwxr--r-- 2 root wheel 512 Apr 12 08:52 .
drwxr-xr-x 5 glarkin glarkin 512 Apr 12 08:52 ..
-rw-r--r-- 1 root wheel 7 Apr 12 08:52 foo.txt
jail54# # exit
[glar...@jail54 ~]$ cd testdir
-bash: cd: testdir: Permission denied
[glar...@jail54 ~]$ rm testdir/foo.txt
rm: testdir/foo.txt: Permission denied
[glar...@jail54 ~]$ rm -rf testdir
rm: testdir/foo.txt: Permission denied
rm: testdir: Directory not empty
My situation is slightly different from yours, since my jails are based
on FreeBSD 6.4, instead of 7.x.
As a first step to troubleshooting, please log in to your jail as your
non-privileged user, run the following commands from its home directory,
then post the permtest1.log and permtest2.log files somewhere that we
can review them:
truss -f -a -s 256 -o permtest1.log cd testdir
truss -f -a -s 256 -o permtest2.log rm testdir/textfile.txt
Also run the "df" and "mount" commands from the user's home directory
inside the jail as well as from the same directory but outside of the
jail context. Please post the output of those commands somewhere as well.
Thank you,
Greg
--
Greg Larkin
http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
http://twitter.com/sourcehosting/ - Follow me, follow you
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
Greg:
Interestingly enough, this is what I get when running truss:
truss: cannot open /proc/curproc/mem: No such file or directory
truss: cannot open /proc/13713/mem: No such file or directory
However, Ian made a suggestion that completely eluded me: simply look at
the effective user and group info via id -p (which I should have done
prior to posting in the first place, my apologies). The output was:
jail0495> id -p
login testuser
uid root
groups wheel rmtuser
However,
jail0495> users
testuser
So apparently, this install thinks the user has root privileges. Here's
where it gets strange. I rebooted the box (this is in a lab), and logged
back in as the user, but did not su to root. I did a few things that
seem easy to follow from the command line, but please ask if anything is
unclear:
jail0495> id -p
uid testuser
groups rmtuser
jail0495> pwd
/usr/home/testuser
jail0495> ll
-rw------- 1 testuser rmtuser 1957 Apr 12 02:22 .history
drwxr-xr-x 2 root wheel 1024 Apr 12 02:22 testdir
(this is a login with a user in the wheel group from another session)
jail0495> su root
Password:
jail0495# cd testdir
jail0495# ll
total 0
jail0495# dd if=/dev/random of=testfile bs=10k count=1
1+0 records in
1+0 records out
10240 bytes transferred in 0.000632 secs (16207424 bytes/sec)
jail0495# ll
-rw-r--r-- 1 root wheel 10240 Apr 12 15:18 testfile
jail0495# exit
exit
jail0495> exit
(this is the end of that session)
(back to the first session with the unprivileged user)
jail0495> id -p
login testuser
uid root
groups wheel rmtuser
jail0495> users
testuser
jail0495>
To be honest, my first thought was "What the hell is this!?!" So, I
rebooted the box again after remembering something about user privilege
escalation in an older release of NetBSD I had seen some years ago.
(since we're talking jails, this problem is FreeBSD related, just to be
clear)
Now I get this after a fresh reboot:
login as: testuser
Using keyboard-interactive authentication.
Password:
Last login: Mon Apr 12 14:46:26 2010 from [ redacted ]
<snip>
jail0495> users
testuser
jail0495> pwd
/usr/home/testuser
jail0495> ll
-rw------- 1 testuser rmtuser 1957 Apr 12 02:22 .history
drwxr-xr-x 2 root wheel 1024 Apr 12 02:22 testdir
jail0495> cd testdir
jail0495> ll
-rw-r--r-- 1 root wheel 10240 Apr 12 15:18 testfile
jail0495> rm testfile
override rw-r--r-- root/wheel for testfile ? y
rm: testfile: Permission denied
jail0495>
But watch this after an su from another session:
(testuser is NOT a member of the wheel group!! and this is not the su
session, but the first login session)
jail0495> id -p
login testuser
uid root
groups wheel rmtuser
jail0495> users
testuser
jail0495> rm testfile
override rw-r--r-- root/wheel for testfile ? y
jail0495> ll
total 0
jail0495>
It gets worse. I added another user not in the wheel group, and created
another group for this new user. Then I logged in as this user, and as
the other test user from another session. It appears that once there has
been an SU to root, ALL users have root permissions regardless of their
group membership or login privileges.
Since this was a buildworld copied via NFS from a build environment, it
appears that something has gone terribly wrong during the build. I'm
going to wipe this machine and do a completely fresh install of 7.0-REL,
buildworld, and set up a jail to see if something did indeed break, or
if this is an actual bug.
Thank you very much to everyone who's responded to this issue. Your
input has been instrumental in helping troubleshoot this. I'll post as
soon as the build completes and I have a chance to test this tonight.
Erich M. Jenkins
Fuujin Group Limited
"You should never, never doubt what no one is sure about."
-- Gene Wilder
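As an added example, not part of either message above and not FreeBSD code: a small POSIX sh checker for the symptom Erich reports, a login shell whose effective uid and groups no longer match the passwd entry of the account that logged in. The parsing is kept in a pure function that takes the passwd line and the `id` output as arguments, so it can be exercised with constructed input; the `check_live` wrapper gathers the real values from the running system. Assumptions: `getent passwd`, `id -u` and `id -G` behave as on FreeBSD and Linux, `$LOGNAME` is set by login, and the sample passwd line and uid/gid 1001 used in the comments are invented to mirror the thread.

```sh
#!/bin/sh
# Added example (not from the thread or from FreeBSD): detect a shell whose
# effective credentials have drifted away from the account it logged in as,
# i.e. the "login testuser / uid root / groups wheel" output seen with id -p.
#
# Usage: . ./cred_check.sh && check_live

# cred_check PASSWD_LINE EUID EGIDS
#   PASSWD_LINE: the account's passwd(5) entry,
#                e.g. "testuser:*:1001:1001:Test User:/usr/home/testuser:/bin/csh"
#                (constructed sample; uid/gid 1001 are invented)
#   EUID:        effective uid as printed by `id -u`
#   EGIDS:       effective group ids as printed by `id -G` (space separated)
# Prints "ok", or one "MISMATCH ..." line per problem found.
# Returns 0 only when everything is consistent.
cred_check() {
    pw_line=$1; euid=$2; egids=$3
    pw_uid=$(printf '%s\n' "$pw_line" | cut -d: -f3)
    pw_gid=$(printf '%s\n' "$pw_line" | cut -d: -f4)
    rc=0

    # 1. Effective uid must be the account's uid.
    if [ "$euid" != "$pw_uid" ]; then
        echo "MISMATCH uid: effective $euid, passwd says $pw_uid"
        rc=1
    fi

    # 2. The account's primary gid must be among the effective groups.
    found=0
    for g in $egids; do
        [ "$g" = "$pw_gid" ] && found=1
    done
    if [ "$found" -eq 0 ]; then
        echo "MISMATCH gid: primary group $pw_gid not in effective groups [$egids]"
        rc=1
    fi

    # 3. A non-root account carrying gid 0 (wheel) is the escalation
    #    signature from the thread: testuser is not a wheel member.
    if [ "$pw_uid" != 0 ]; then
        for g in $egids; do
            if [ "$g" = 0 ]; then
                echo "MISMATCH group: non-root account has gid 0 (wheel) in effective groups"
                rc=1
            fi
        done
    fi

    [ "$rc" -eq 0 ] && echo ok
    return "$rc"
}

# check_live: run cred_check against the current shell.
# $LOGNAME is used instead of logname(1) so it works without a controlling
# tty; getent(1) is assumed to exist (FreeBSD 5.x+ and Linux).
check_live() {
    login=${LOGNAME:-$(id -un)}
    pw_line=$(getent passwd "$login") || {
        echo "no passwd entry for $login"
        return 2
    }
    cred_check "$pw_line" "$(id -u)" "$(id -G)"
}
```

Run `check_live` from the unprivileged session before and after someone does `su` in another session; a clean shell prints `ok` and exits 0, while the state in the thread prints a `MISMATCH uid` line and a `MISMATCH group` line and exits 1, which makes it easy to drop into a cron job or a login script while bisecting the rebuilt world.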