From owner-freebsd-security  Wed May 17  6:47: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jello.geekspace.com (jello.geekspace.com [208.154.207.134])
	by hub.freebsd.org (Postfix) with SMTP id AB4B037BA47
	for <security@freebsd.org>; Wed, 17 May 2000 06:46:51 -0700 (PDT)
	(envelope-from chris.williams@third-rail.net)
Received: (qmail 11014 invoked from network); 17 May 2000 13:47:15 -0000
Received: from jenica2.cust.third-rail.net (HELO third-rail.net) (@208.154.207.102)
  by jello.geekspace.com with SMTP; 17 May 2000 13:47:15 -0000
Message-ID: <3922A204.1A9CECCD@third-rail.net>
Date: Wed, 17 May 2000 09:43:32 -0400
From: Chris Williams <chris.williams@third-rail.net>
X-Mailer: Mozilla 4.72 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
Cc: security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
References: <Pine.BSF.4.10.10005161420040.77736-100000@grobin.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> If a process running in the host system created a UNIX domain socket or
> named pipe within the jail directory tree. Would a process running in the
> jail be able to connect to and communicate with the host process through
> this socket or pipe? If so I guess you could create work around for just
> about anything by running it on the host system. Would this create a
> potential way of defeating the jail?

It does bring up the issue of buffer overflows and soforth in the
process on the unjailed end of the pipe.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message