devfs -- ruleset bypass

ID 7257B26F-0597-11DA-86BC-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-07-20T00:00:00


Problem description Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions. Impact Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system. This level of access can lead to information leakage and privilege escalation.