In message <[EMAIL PROTECTED]> Peter Wemm writes:
: As bizarre as it sounds, I like Julian's hack for populating this stuff...
: ie: use a hard link to propagate nodes to the jailed /dev.
:
: eg: mount -t devfs -o empty /home/jail/dev
: ln /dev/null /home/jail/dev/null
: ln /dev/zero /home/jail/dev/zero
: ...
: mount -u -o ro /home/jail/dev
But you can't do hard links across file systems. Or is that a hack
of devfs to allow it, and if so does that create any other security
problems? Recall the security implications of having procfs's 'file'
file. He made a hard link to the file in question, and exposed many
different classes of problem: unwanted disclosure, failure to take
into account directory permissions, the ability to hard link to the
file and execute it later (bad for setuid programs), etc.
Warner
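
An added audit example, not part of the original thread, for the setuid concern raised above: it lists set-id files under a jail root that have more than one hard link and counts the names that live outside that tree. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_setid_links(root):
    """List set-id regular files under root that have more than one hard link."""
    root_dev = os.lstat(root).st_dev
    seen = {}   # (st_dev, st_ino) -> (stat result, [paths found under root])
    for dirpath, dirnames, filenames in os.walk(root):
        # Hard links cannot leave a file system, so do not cross mount points.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            setid = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(st.st_mode) and setid and st.st_nlink > 1:
                seen.setdefault((st.st_dev, st.st_ino), (st, []))[1].append(path)
    return [{
        "paths": sorted(paths),
        "mode": stat.filemode(st.st_mode),
        "nlink": st.st_nlink,
        # Names of this inode that live outside root on the same file system.
        "outside": st.st_nlink - len(paths),
    } for st, paths in seen.values()]


def demo():
    """Constructed tree: a set-uid file with one name outside and two inside 'jail'."""
    with tempfile.TemporaryDirectory() as top:
        host, jail = os.path.join(top, "host"), os.path.join(top, "jail")
        os.makedirs(host)
        os.makedirs(os.path.join(jail, "bin"))
        tool = os.path.join(host, "tool")
        open(tool, "w").close()
        os.chmod(tool, 0o4755)                        # set-uid bit on our own file
        os.link(tool, os.path.join(jail, "bin", "tool"))
        os.link(tool, os.path.join(jail, "bin", "tool.old"))
        plain = os.path.join(jail, "plain")
        open(plain, "w").close()
        os.link(plain, os.path.join(jail, "plain2"))  # linked, but not set-id
        return audit_setid_links(jail)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

A non-zero `outside` count means the same inode is still reachable under a name the audited tree does not contain, so removing or replacing the copy inside the tree does not remove the file.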