# jail_sysvipc_allow



## icecoke (Nov 19, 2012)

Hi there,

I looked around about jail_sysvipc_allow in jails and found some hints about a possible danger in enabling shared memory, because it's shared in the host and other jails as well and not only in one specific jail. So far so good. On the other hand we know it's needed for postgresql to run and in some jails I need postgresql.

So, are there some articles about a specific risk, about ways the shared mem was used to compromise other jails? Is there a way to limit this risk while I keep jail_sysvipc_allow enabled?

I just want to know more to hopefully get an idea how risky it is at all. Atm I saw hints about a risk but I found no article going deeper into this.

Btw. could BSD mmap raise the same risk?

The only thing I found is this http://serverfault.com/questions/15...ions-of-using-allow-sysvipc-in-a-freebsd-jail which tells what I already expected. Is there more that is widely known?

Many thanks in advance!

Jimmy


----------



## mamalos (Nov 22, 2012)

As far as I can understand -and I am no expert about FreeBSD's internals-, jail_sysvipc_allow allows communication among processes using the SYSV IPC mechanism. After this directive is enabled in a jail, at least the root user of the jail is able to communicate with other processes of the system using this IPC mechanism. Hence, it's a matter of time *and* skill of the jail's root user to write a program that breaks the jail. 

As far as how one could remove this risk, I am not sure that it can be done, at least with the current implementation. 

As far as the risk itself is concerned, it's obvious lower than running your service in jail 0, since the potential attacker needs to know his ways with FreeBSD jail-braking.

Of course, as I've mentioned in my first sentence, I am no FreeBSD-development expert, so there is a high possibility that I might be omitting something fundamental...


----------



## icecoke (Nov 22, 2012)

@mamalos,

thanks a lot for touching this thread. I guess it's not easy to answer and that there more therotical concerns than practical experiences around. Becoming root is a matter of time and skill, so nothing I can overlook at all, but as small as good the freshness of the system I guess.

I'm still interested in further comments. Please, everyone out there, let me know.
icecoke


----------



## mamalos (Nov 22, 2012)

icecoke said:
			
		

> ...but as small as good the freshness of the system I guess.



Yes, this minimizes the overall threat of your system to be related only to those having 0days for your public services and OS.


----------

