Date: Sat, 20 Jul 2013 00:38:57 +0200
From: "Julian H. Stacey" <jhs@berklix.com>
To: Dag-Erling Smørgrav <des@des.no>
Cc: freebsd-security@freebsd.org, freebsd-jail@freebsd.org, np@bsn.com
Subject: Re: /dev/pts/0 in a jail shows no one is observing from outer prison.
Message-ID: <201307192239.r6JMcvO2083730@fire.js.berklix.net>
In-Reply-To: Your message "Fri, 19 Jul 2013 08:34:45 +0200." <86d2qfdpmi.fsf@nine.des.no>

Hi,
Reference:
> From: Dag-Erling Smørgrav <des@des.no>
> Date: Fri, 19 Jul 2013 08:34:45 +0200

Dag-Erling Smørgrav wrote:
> "Julian H. Stacey" <jhs@berklix.com> writes:
> > A ssh to a jail followed by Who, if it shows just pts/0, shows
> > no one else is logged in { within jail And Also Outer Prison
> > [And presumably also other parallel jails] }.
>
> Not really, it just shows that pts/0 was available. Like file
> descriptors, pseudo-ttys are allocated on a first-unused basis. There
> could be twenty people logged in; if the first logs out, the
> twenty-first gets pts/0.

Thanks DES,
Yes, I suppose so, on busy hardware. It was more obvious what was going
on with my prison & jail as that was lightly logged in.

If FreeBSD wanted to obscure the information, I suppose one could
do a kernel tweak to do pty allocation from a cyclic buffer, (like
PID IDs) rather than searching sequentially from 0 each time, but
I guess there's more interesting things to do than that.

> Also, please read the warning at the start of the jail chapter in the
> FreeBSD handbook.

Wow ! Light dawns brightly !

> I should probably update it to note that there are
> many ways in which information can leak between jails and the host.

If so do, maybe add
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
next to
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
If you think appropriate. Thanks.

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text. No quoted-printable, HTML, base64, multipart/alternative.
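
The allocation behaviour discussed in this thread, as an added example that is not part of the original message and is not FreeBSD's code: a small C model that replays the twenty-logins scenario under first-unused allocation and under the cyclic allocation floated in the reply. The pool size, the function names and the cyclic variant itself are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define NPTS 64                 /* assumed pool size for this model */

struct pool {
    bool used[NPTS];
    int next;                   /* cursor, used only by the cyclic policy */
};

/* First-unused policy from the thread: always scan upward from unit 0. */
static int alloc_first_unused(struct pool *p)
{
    for (int i = 0; i < NPTS; i++)
        if (!p->used[i]) { p->used[i] = true; return i; }
    return -1;                  /* pool exhausted */
}

/* Hypothetical cyclic policy: resume scanning after the last unit handed out. */
static int alloc_cyclic(struct pool *p)
{
    for (int n = 0; n < NPTS; n++) {
        int i = (p->next + n) % NPTS;
        if (!p->used[i]) { p->used[i] = true; p->next = (i + 1) % NPTS; return i; }
    }
    return -1;
}

/* Scenario: `sessions` logins (1..NPTS), the first logs out, a newcomer logs in.
 * Returns the newcomer's unit; *others = earlier sessions still open. */
static int newcomer_unit(bool cyclic, int sessions, int *others)
{
    int (*alloc)(struct pool *) = cyclic ? alloc_cyclic : alloc_first_unused;
    struct pool p = {0};
    for (int i = 0; i < sessions; i++)
        alloc(&p);
    p.used[0] = false;          /* first session logs out, freeing pts/0 */
    *others = sessions - 1;
    return alloc(&p);
}

int main(void)
{
    int others, unit = newcomer_unit(false, 20, &others);
    printf("first-unused: newcomer sees pts/%d, %d other sessions open\n", unit, others);
    unit = newcomer_unit(true, 20, &others);
    printf("cyclic:       newcomer sees pts/%d, %d other sessions open\n", unit, others);
    return 0;
}
```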