On Sun, 31 Jul 2005 magnus (at) secit (dot) se [email concealed] wrote:
> I found an interesting topic in the newly released Solaris Security Toolkit (v4.2).
>
> Quote: "Because of security risks, you should never access a
> non-global zone file system from outside that zone. A path that is
> not dangerous in a non-global zone can be dangerous in the global
> zone. For example, a non-global zone administrator can link the
> /etc/shadow file to the ../../../shadow file. Inside the non-global
> zone, this is harmless, but modifications to the file from the
> global zone, using the path /opt/testzone/etc/shadow, would edit the
> global zone?s /etc/passwd file. Again, a non-global zone should
> never be hardened, undone, cleaned, or even audited unless you are
> logged into that zone."
>
> Now this is VERY interesting. If I understand this correctly, I
> should never (!) access files in the /zone/myzone/root directory
> when inside the global zone! Did I understand this correctly?
I think this is an overreaction. There are a lot of things which when
done in uproper (even if common) way can lead to problems. For
example,
find ... -mtime ... | xargs rm
can lead, e.g., to deletion of some other files if find finds
something with space (e.g., file named "My files"). This does not mean
that we should ban find, or xargs, or spaces in filenames.
So yes, some attacks are possible, but it does not mean that you
should always go inside the zone -- just be cautious (e.g., check if a
file is in fact a soft link before editing it, or configure your
editor to warn you about it).
> I found an interesting topic in the newly released Solaris Security Toolkit (v4.2).
>
> Quote: "Because of security risks, you should never access a
> non-global zone file system from outside that zone. A path that is
> not dangerous in a non-global zone can be dangerous in the global
> zone. For example, a non-global zone administrator can link the
> /etc/shadow file to the ../../../shadow file. Inside the non-global
> zone, this is harmless, but modifications to the file from the
> global zone, using the path /opt/testzone/etc/shadow, would edit the
> global zone?s /etc/passwd file. Again, a non-global zone should
> never be hardened, undone, cleaned, or even audited unless you are
> logged into that zone."
>
> Now this is VERY interesting. If I understand this correctly, I
> should never (!) access files in the /zone/myzone/root directory
> when inside the global zone! Did I understand this correctly?
I think this is an overreaction. There are a lot of things which when
done in uproper (even if common) way can lead to problems. For
example,
find ... -mtime ... | xargs rm
can lead, e.g., to deletion of some other files if find finds
something with space (e.g., file named "My files"). This does not mean
that we should ban find, or xargs, or spaces in filenames.
So yes, some attacks are possible, but it does not mean that you
should always go inside the zone -- just be cautious (e.g., check if a
file is in fact a soft link before editing it, or configure your
editor to warn you about it).
--
Regards,
ASK
[ reply ]