[EMAIL PROTECTED] wrote:
On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote:
Hi All,
if security.bsd.see_other_uids is set to 0, users from the main system
can still see processes from jails if they have (by accident) the save uid.
For me it's wrong behavior because the main system and the jail are two
different systems where uids are independent.
Sorry but you have far bigger security problems if you create such a
setup. E.g. "users" from the outer system can ptrace the processes in
the jail with the same uid.
But ptrace uses the same function p_cansee for security check.
Does it mean than "outer" user is more privileged as "jailed" root? Is
it intended?
Regards,
Anatoli
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
