Date: Wed, 13 Nov 2002 21:32:29 +0100 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: julian@FreeBSD.ORG (Julian Elischer) Cc: dillon@apollo.backplane.com, hackers@FreeBSD.ORG Subject: Re: tty/pty devices not safe in jail? Message-ID: <99257.1037219549@critter.freebsd.dk> In-Reply-To: Your message of "Wed, 13 Nov 2002 12:10:41 PST." <20021113201041.EA5F237B401@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20021113201041.EA5F237B401@hub.freebsd.org>, Julian Elischer writes : >> There has always been code in kern/tty_pty.c which makes sure that the >> master and slave have the same prison: > >but a jailed user could perform a denial of service by using up all teh ptys.? There is no general resource protection for jails: You can use up any resource you can get your hand on: processes, disk, filedescriptors, ptys, mbuf clusters, you name it. If you want to add resource limitations to jails, then do it right from the bottom, instead of as local hacks in random drivers or other hotspots. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99257.1037219549>