Hi,
Matteo Riondato wrote:
Hello hackers!
I've a few questions about jail(8) and hope you'll be so kind to answer them =)
First of all: Why is procfs(5) required inside a jail (speaking about 5.x and 6) ? " As procfs is considered deprecated due to its inherent security risks",why should it be used inside a jail?
Maybe some software might not work without it, so it is a good thing to have it around. You don't need to start a jail with procfs, it is your decision.
Second question: why does an "ifconfig" from inside a jail list every network card present in the host system? Wouldn't it be better if only lo0 and the interface with the jail IP are listed ? I think it will, because it's my personal opinion (please refute me, I can be wrong) that one jail's purpouses is to fool the jail users, making them believe that they are inside a real system. I came to this conclusion reading about security.jail.getfstatroot_only in jail(8).
In general, I don't think it is about fooling the jail user. It is about isolating the user or the attacker that manages to get into the jail. I think this is why the jail was initialy created.
Also, you might find this link interesting: http://kerneltrap.org/node/view/3075
Thank you in advance for your replies. Best Regards
With respect,
-- Claudiu Dragalina-Paraipan e-mail: [EMAIL PROTECTED]
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
