I'm not sure if this is a bug or works as designed, so before logging a bug I am asking here.
When you create a new jail, as the jail "root" you have full access to the physical disks /dev/adaX, on which all ZFS pools are built.
That means that from inside a jail you can read ALL raw data on the ZFS disks.
Moreover, you will probably be able to rewrite all data on those disks, destroying the whole system.
Steps to reproduce:
1. create new empty jail using gui:
Jails -> Add Jail -> Jail Name: test -> OK
2. login to jail:
[root@freenas] ~# jexec test csh
3. try to read the /dev/adaX disks:
root@test:/ # strings /dev/ada0|head
This is a NAS data disk and can not boot system. System halted.
EFI PART
- q+
- q+_mx
AWdO-
...
-> physical disks are readable from a jail.
I haven't tried to rewrite the disks, as obviously I do not want to destroy my system, but jail root has write access too:
root@test:/ # ls -la /dev/ada0
crw-r----- 1 root operator 0x80 Mar 22 13:12 /dev/ada0
I'm running the latest 9.3 version:
[root@freenas] ~# uname -a
FreeBSD freenas.local 9.3-RELEASE-p31 FreeBSD 9.3-RELEASE-p31 #0 r288272+33bb475: Wed Feb 3 02:19:35 PST 2016 root@build3.ixsystems.com:/tank/home/stable-builds/FN/objs/os-base/amd64/tank/home/stable-builds/FN/FreeBSD/src/sys/FREENAS.amd64 amd64
I'm not sure if this is a bug or works as designed, but I think jails were created to protect the rest of the system. If somebody gets jail root access by using some security hole in a product installed in the jail, then they can destroy not only the jail, but all data on the FreeNAS system. It is also impossible to delegate jail root to others (after enabling sshd in the jail), as access from the jail is not well protected.
Thanks.
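As an added example (not part of the original post), here is a host-side audit script that reports raw disk device nodes visible inside a jail's /dev, which is the condition the post describes. It assumes FreeBSD's jexec(8) and the device naming of that platform; the parsing part is separated out and run here on a constructed listing so it can be exercised without a jail.

```shell
#!/bin/sh
# Audit helper (added example, not from the original post): report character
# devices in a jail's /dev whose names denote whole disks or partitions.
# Assumes FreeBSD device naming (ada*, da*, nvd*, nvme*, mfid*, vtbd*).
DISK_PATTERN='^(ada|da|nvd|nvme|mfid|vtbd)[0-9]'

# find_disk_nodes LISTING
#   LISTING is the text of `ls -l /dev` captured inside the jail.
#   Prints "name mode" for every character device matching DISK_PATTERN.
find_disk_nodes() {
    printf '%s\n' "$1" | awk -v pat="$DISK_PATTERN" '
        $1 ~ /^c/ && $NF ~ pat { print $NF, $1 }
    '
}

# audit_jail_devfs JAILNAME
#   Run on the host. Returns 1 (and prints the offending nodes) when the jail
#   can see raw disk devices, 0 when it cannot, 2 when the jail is unreachable.
#   Nodes owned by root are writable by the jail's root regardless of mode.
audit_jail_devfs() {
    jail="$1"
    listing=$(jexec "$jail" ls -l /dev 2>/dev/null) || return 2
    found=$(find_disk_nodes "$listing")
    if [ -n "$found" ]; then
        printf 'jail %s exposes raw disk nodes:\n%s\n' "$jail" "$found"
        return 1
    fi
    return 0
}

# Mitigation to verify on the host (assumption, not shown in the post): the
# jail should run under a restrictive devfs ruleset such as FreeBSD's stock
# devfsrules_jail (ruleset 4 in /etc/defaults/devfs.rules), which hides all
# nodes and unhides only the basic ones; check with `devfs rule -s 4 show`.

# Constructed sample listing, shaped like the post's `ls -la /dev/ada0` output.
SAMPLE_LISTING='total 0
crw-r-----  1 root  operator  0x80 Mar 22 13:12 ada0
crw-r-----  1 root  operator  0x81 Mar 22 13:12 ada0p1
crw-r-----  1 root  operator  0x82 Mar 22 13:12 ada1
crw-rw-rw-  1 root  wheel     0x3  Mar 22 13:12 null
crw-rw-rw-  1 root  wheel     0xb  Mar 22 13:12 random
dr-xr-xr-x  2 root  wheel     512  Mar 22 13:12 fd'

# Stand-alone run: audit the constructed listing (use audit_jail_devfs test
# on a real host to check the jail named "test" from the post).
find_disk_nodes "$SAMPLE_LISTING"
```

On the constructed listing the script reports ada0, ada0p1 and ada1 with mode crw-r-----, the same ownership the post shows, while null, random and the fd directory are ignored.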