Network Security Focus-Sun

Re: Accessing Solaris 10 Local Zones from the Global Zone, security risk

Subject: Re: Accessing Solaris 10 Local Zones from the Global Zone, security risk
Date: Wed, 3 Aug 2005 12:43:37 +0300 (IDT)
On Sun, 31 Jul 2005 magnus@secit.se wrote:
> I found an interesting topic in the newly released Solaris Security Toolkit
> (v4.2).
>
> Quote: "Because of security risks, you should never access a
> non-global zone file system from outside that zone. A path that is
> not dangerous in a non-global zone can be dangerous in the global
> zone. For example, a non-global zone administrator can link the
> /etc/shadow file to the ../../../shadow file. Inside the non-global
> zone, this is harmless, but modifications to the file from the
> global zone, using the path /opt/testzone/etc/shadow, would edit the
> global zone's /etc/passwd file. Again, a non-global zone should
> never be hardened, undone, cleaned, or even audited unless you are
> logged into that zone."
>
> Now this is VERY interesting. If I understand this correctly, I
> should never (!) access files in the /zone/myzone/root directory
> when inside the global zone! Did I understand this correctly?

I think this is an overreaction. There are a lot of things which, when
done in an improper (even if common) way, can lead to problems. For
example,

find ... -mtime ... | xargs rm

can lead, e.g., to deletion of some other files if find finds
something with a space (e.g., a file named "My files"). This does not mean
that we should ban find, or xargs, or spaces in filenames.

So yes, some attacks are possible, but it does not mean that you
should always go inside the zone -- just be cautious (e.g., check if a
file is in fact a soft link before editing it, or configure your
editor to warn you about it).

-- 
Regards,
ASK
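
The check ASK suggests above (confirm a file is not a soft link before touching it), as an added example that is not part of the original message: it goes one step further and refuses a link in any path component by opening each one with O_NOFOLLOW relative to the previous directory descriptor, which also avoids a race between the check and the open. The name `open_beneath` and the temporary directory tree are constructed for illustration, and the code assumes a platform where Python's `os.open` supports `dir_fd`.

```python
import os
import tempfile

def open_beneath(root, relpath, flags=os.O_RDONLY):
    """Open relpath under root, refusing a symbolic link in any component.
    Each component is opened relative to the previous directory descriptor
    with O_NOFOLLOW, so a link planted inside the zone raises OSError
    instead of redirecting the open to a global-zone file.
    """
    parts = [p for p in relpath.split("/") if p]
    if not parts or ".." in parts or "." in parts:
        raise ValueError("need a path below the zone root without '.' or '..'")
    dirfd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in parts[:-1]:
            nxt = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=dirfd)
            os.close(dirfd)
            dirfd = nxt
        return os.open(parts[-1], flags | os.O_NOFOLLOW, dir_fd=dirfd)
    finally:
        os.close(dirfd)

def demo():
    """Run the check on a constructed tree standing in for a global zone."""
    with tempfile.TemporaryDirectory() as top:
        zroot = os.path.join(top, "zones", "testzone", "root")
        os.makedirs(os.path.join(top, "etc"))
        os.makedirs(os.path.join(zroot, "etc"))
        with open(os.path.join(top, "etc", "shadow"), "w") as f:
            f.write("global\n")
        with open(os.path.join(zroot, "etc", "passwd"), "w") as f:
            f.write("zone\n")
        # The kind of link the quoted text describes: seen from outside the
        # zone it resolves to the stand-in global /etc/shadow.
        os.symlink("../../../../etc/shadow", os.path.join(zroot, "etc", "shadow"))
        with open(os.path.join(zroot, "etc", "shadow")) as f:
            naive = f.read()            # plain open follows the link
        try:
            os.close(open_beneath(zroot, "etc/shadow"))
            refused = False
        except OSError:
            refused = True              # O_NOFOLLOW rejects the link
        with os.fdopen(open_beneath(zroot, "etc/passwd")) as f:
            regular = f.read()          # ordinary files still open
        return {"naive": naive, "refused": refused, "regular": regular}

if __name__ == "__main__":
    print(demo())
```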
