Bug #1612

? security problem with zones

Added by Richard PALO almost 8 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Start date: 2011-10-08
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags:

Description

Hi, I'm running oi_151a based on Illumos...
Having created a zfs data set /zones and having chmod 700 /zones

richard@x3200:~# ls -lapd /zones
drwx------   3 root     root           3 oct.  7 14:22 /zones/

normally, only root has access.

I created a dev-zone

richard@x3200:~# zonecfg -z dev-zone info
zonename: dev-zone
zonepath: /zones/dev-zone
brand: ipkg
autoboot: true
bootargs: 
pool: 
limitpriv: 
scheduling-class: 
ip-type: exclusive
hostid: 
fs-allowed: 
net:
    address non spécifié
    allowed-address non spécifié
    physical: vnic0
    defrouter non spécifié

installed it and all, and seems fine.

richard@x3200:~# zoneadm list -v
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   1 dev-zone         running    /zones/dev-zone                ipkg     excl  

Invoking 'df' unprivileged I can see paths deeper than /zones

richard@x3200:~$ df
Filesystem           1K-blocks      Used Available Use% Mounted on
rpool/ROOT/oi_151a    20765214   8315315  12449899  41% /
swap                   4897856       488   4897368   1% /etc/svc/volatile
/usr/lib/libc/libc_hwcap2.so.1
                      20765214   8315315  12449899  41% /lib/libc.so.1
swap                   4897412        44   4897368   1% /tmp
swap                   4897480       112   4897368   1% /var/run
rpool/export          12449932        33  12449899   1% /export
rpool/export/dossiers
                      12449940        41  12449899   1% /export/dossiers
rpool/export/home     12449931        32  12449899   1% /export/home
rpool/export/home/richard
                      25460853  13010954  12449899  52% /export/home/richard
rpool                 12449944        45  12449899   1% /rpool
rpool/zones           12449931        32  12449899   1% /zones
df: `/zones/dev-zone': Permission refusée
df: `/zones/dev-zone/root': Permission refusée
df: `/zones/dev-zone/root/dev': Permission refusée
df: `/zones/dev-zone/root/proc': Permission refusée
df: `/zones/dev-zone/root/system/contract': Permission refusée
df: `/zones/dev-zone/root/etc/mnttab': Permission refusée
df: `/zones/dev-zone/root/system/object': Permission refusée
df: `/zones/dev-zone/root/etc/svc/volatile': Permission refusée
df: `/zones/dev-zone/root/lib/libc.so.1': Permission refusée
df: `/zones/dev-zone/root/dev/fd': Permission refusée
df: `/zones/dev-zone/root/tmp': Permission refusée
df: `/zones/dev-zone/root/var/run': Permission refusée
/export/home/richard  25460853  13010954  12449899  52% /home/richard

Wouldn't this be considered a breach of security?

History

#1

Updated by Yuri Pankov almost 8 years ago

And if you are reading filesystem(5) you should be executed right there..

#2

Updated by Rich Lowe almost 8 years ago

They're visible because they're in the mount table, the same way anything is (you could have found them in 'mount' output, and /etc/mnttab also).

It's hard to argue it's security-relevant.
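An added example, not part of the original thread or of illumos: a shell function that lists what the mount table records at or below a directory, which is the information df surfaced in the report regardless of the 700 mode on /zones. The function name, the sample dataset names and the /zones-old entry are constructed for illustration; the five tab-separated fields follow the mnttab file format.

```shell
#!/bin/sh
# Added example: list mount-table entries at or below a directory.
# mnttab lines are tab-separated: special, mount_point, fstype, options, time.

# mounts_under DIR [MNTTAB]   (hypothetical helper name)
# Prints "mount_point<TAB>fstype" for every entry at or below DIR.
# The mount table is world-readable, so the result does not depend on
# the caller being able to traverse DIR.
mounts_under() {
    dir=${1%/}                  # drop one trailing slash; "/" becomes ""
    tab=${2:-/etc/mnttab}
    awk -F '\t' -v dir="$dir" '
        # Match DIR itself or a path component below it, so that
        # /zones does not also match /zones-old.
        $2 == dir || index($2, dir "/") == 1 { print $2 "\t" $3 }
    ' "$tab"
}

# Constructed sample in mnttab format, modelled on the df output in the
# report. Dataset names, options and times are made up.
sample_mnttab() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        rpool/ROOT/oi_151a  /                          zfs    rw 0 \
        rpool/export        /export                    zfs    rw 0 \
        rpool/zones         /zones                     zfs    rw 0 \
        rpool/zones/dz      /zones/dev-zone            zfs    rw 0 \
        rpool/zones/dz/root /zones/dev-zone/root       zfs    rw 0 \
        proc                /zones/dev-zone/root/proc  proc   rw 0 \
        swap                /zones/dev-zone/root/tmp   tmpfs  rw 0 \
        rpool/zones-old     /zones-old                 zfs    rw 0
}

# Usage on a live system: mounts_under /zones
```
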

#3

Updated by Milan Jurik over 7 years ago

  • Status changed from New to Closed
  • Tags deleted (needs-triage)

Not a defect.
