chflags on .history

icecoke

icecoke

Hello,

I'm running jails in FreeBSD 9.1 and tried to chflags sappnd /jailed/path/root/.history of the jailed system (seclevel 1) from out of the host (seclevel 0)

The problem is I can see the correct flag with 'ls -lo', but nothing is appended to the .history file on logoff from the jail as root.

Did I missed something here?

Best regards,
Jimmy
 
The jail can't have a different securitylevel than the host. There's only one kernel running and it's the kernel that sets the securitylevel.
 
SirDice said:
The jail can't have a different securitylevel than the host. There's only one kernel running and it's the kernel that sets the securitylevel.
Click to expand...

Really? Did I missed a change of the man jail(8) or did you missed to read the manpage?
Code: 
[root@testvs ~]# sysctl kern.securelevel
kern.securelevel: 1
[root@testvs ~]# exit
logout
[root@freebsd ~]# sysctl kern.securelevel
kern.securelevel: 0
But aside that it does not answer nor explain my initial question about .history and a 'chflags sappnd'. Do you have any idea about this?
 
Nope, it was just a relatively new feature of jail(8) I wasn't aware off.

Not sure why it's not working, I'm also not entirely sure about the differences between sappnd and uappnd (besides the obvious root vs. user). You might want to try the latter, root inside the jail is treated as a 'normal' user on the host. It would be somewhat inconsistent though as I would expect sappnd to work for root inside the jail too. You might want to try it with a regular file first. History seems to get screwed if you happen to be logged in more than once.
 
SirDice said:
Nope, it was just a relatively new feature of jail(8) I wasn't aware off.
Click to expand...

Surprising how time passes, isn't it ;) The different securelevel was introduced in FBSD 6.2, so about May 2006.

But I guess you'r absolutely right, for me it seems that history does not just append to the .history file. I havn't looked in the csh code, but I would guess fopen is not just used with 'a' but any different mode.

It would be still a nice way to have some idea over what was done in a compromised jail, if done by shell, so I wonder if I will change the code. On the other hand, I learned from you to NOT touch the things under /bin etc ;) So I will probably contact the csh maintainer.
 
icecoke said:
But I guess you'r absolutely right, for me it seems that history does not just append to the .history file. I havn't looked in the csh code, but I would guess fopen is not just used with 'a' but any different mode.
Click to expand...
Didn't think about that but I guess that's also a possibility. Maybe it has something to with the 'merge' option of the history. I suppose that means the file isn't really appended but it's a new file that gets created each time and it just looks like the data is appended.
 
See sh.hist.c, rechist()

It's even done with creat() instead of open(), so sappnd would complain even without -m (merge) settings. And the logic does not allow just an append. I wonder why there are some 'tips' around to sappnd on .history, when it can't work by code design....hmm... Can't believe it was with open() and then changed to creat() - so maybe some people did not checked their own advises ;)

I guess someone mixed bash with csh, because I just tried around with bash and there it works to put an sappnd on .bash_history to achieve this. But I just don't want to move to bash :(

Anyway, thanks for thinking about it with me.
 
You must log in or register to reply here.
Back
Top