From: Julian Elischer
Date: Mon, 17 Jul 2000 12:00:46 -0700
To: Warner Losh
Cc: Brian Fundakowski Feldman, freebsd-arch@FreeBSD.org
Subject: Re: SysctlFS

Warner Losh wrote:
>
> But this sort of thing is potentially worse.  If you can follow the
> symlink out of jail, can you use it to get to other files?
>
> The only way that device nodes exist in the jail now is if the jailors
> create them for the Jail.  Ditto with mount points.  Ditto with this.
>
> I'm sure that any sort of automatic adding of device nodes to a
> jail'd process' space is wrong by default.  All things that aren't
> explicitly permitted are forbidden.
> : > Why bother with a symlink?  Why not have a reference to the real
> : > dev_t?
> :
> : The dev_t of what, exactly?
>
> The device that the jailed process can access.  Right now we put the
> dev_t in the hierarchy of the jailed process, which is the userland
> dev_t.  With a devfs implementation, you could put the kernelland dev_t
> into the filesystem generally.  If you do that, then you'll need to do
> that in jail as well.  If you don't, mknod is sufficient for jailed
> processes, plus maybe with a major number lookup routine (kernel, tell
> me what the major number for wd).

See my other email on this topic..
I don't propose Symlinks.. that would be a security hole.
I propose a SYMLINK_LIKE MECHANISM to replace major numbers
in normal cdev nodes created within the filesystem, that reflect
into the device namespace.

>
> Warner
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message

--
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000
    ;_.---._/  presently in:  Budapest
            v