In message <[EMAIL PROTECTED]>, Matthew Dillon w
rites:
>:
>:In message <[EMAIL PROTECTED]>, Matthew Dillon w
>:rites:
>:> Hmm. While tracking down a null mount issue I think I might have
>:> come across a potentially serious problem with jail. It seems to
>:> me that it would be possible for someone inside a jailed environment
>:> to 'steal' pty's, tty's, or the tty side of a pty that is being
>:> used from within other jails or by processes outside the jail. Has
>:> this ever come up before?
>:
>:There has always been code in kern/tty_pty.c which makes sure that the
>:master and slave have the same prison:
>:
>: } else if (pti->pt_prison != td->td_ucred->cr_prison) {
>: return (EBUSY);
>:
>:
>:--
>:Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
>:[EMAIL PROTECTED] | TCP/IP since RFC 956
>
> Ah, excellent. Is there a limit inside the prison so a jail cannot
> exhaust all available ptys?
No.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED] | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
