Re: security.bsd.see_other_uids for jails

2006-05-31 Thread John Baldwin
On Sunday 28 May 2006 11:25, David Malone wrote: On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote: if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid. For me it's wrong

Re: security.bsd.see_other_uids for jails

2006-05-31 Thread David Malone
Mostly off-topic, but couldn't you simplify the logic here slightly: Definitely! I was originally going to compare jail IDs, but realized I could just compare the jail pointers. Evidently my fingers were still thinking about how to implement it the other way. ;-) David.

Re: security.bsd.see_other_uids for jails

2006-05-29 Thread Anatoli Klassen
David Malone wrote: On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote: if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid. For me it's wrong behavior because the main system and the

Re: security.bsd.see_other_uids for jails

2006-05-29 Thread Robert Watson
On Mon, 29 May 2006, Anatoli Klassen wrote: David Malone wrote: On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote: if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid. For me it's

security.bsd.see_other_uids for jails

2006-05-28 Thread Anatoli Klassen
Hi All, if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid. For me it's wrong behavior because the main system and the jail are two different systems where uids are independent. Could somebody

Re: security.bsd.see_other_uids for jails

2006-05-28 Thread joerg
On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote: Hi All, if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid. For me it's wrong behavior because the main system and the jail are

Re: security.bsd.see_other_uids for jails

2006-05-28 Thread Anatoli Klassen
[EMAIL PROTECTED] wrote: On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote: Hi All, if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid. For me it's wrong behavior because the main

Re: security.bsd.see_other_uids for jails

2006-05-28 Thread David Malone
On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote: if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid. For me it's wrong behavior because the main system and the jail are two

Re: security.bsd.see_other_uids for jails

2006-05-28 Thread Václav Haisman
Anatoli Klassen wrote: Hi All, if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid. For me it's wrong behavior because the main system and the jail are two different systems where uids are