Date: 14 Jun 2001 16:06:50 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: freebsd-audit@freebsd.org, rwatson@freebsd.org
Subject: Re: Allowing ident in a jail.
Message-ID: <xzphexjdukl.fsf@flood.ping.uio.no>
In-Reply-To: <200106141435.aa12577@salmon.maths.tcd.ie>
References: <200106141435.aa12577@salmon.maths.tcd.ie>

David Malone <dwmalone@maths.tcd.ie> writes:
> This seems pretty safe and doesn't really leak any info from jail
> to jail.

 - actually, this solution *does* have the potential of leaking
   information about non-jailed processes into the jail, *but*

 - to get into a scenario where a socket belonging to a non-jailed
   process is visible from within the jail, you have to jump through
   hoops and willingly do things that more or less cancel out the
   benefits of using a jail in the first place.

So while David's patch isn't really a 100% correct fix for the problem
described in the PR, it's a good enough compromise, and a much better
solution than any I expected to find.

(David already knows this; this is for the benefit of those who
haven't read the private discussion he and I had on this subject)

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message