Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 20 Jul 2013 00:38:57 +0200
From:      "Julian H. Stacey" <jhs@berklix.com>
To:        =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
Cc:        freebsd-security@freebsd.org, freebsd-jail@freebsd.org, np@bsn.com
Subject:   Re: /dev/pts/0 in a jail shows no one is observing from outer prison.
Message-ID:  <201307192239.r6JMcvO2083730@fire.js.berklix.net>
In-Reply-To: Your message "Fri, 19 Jul 2013 08:34:45 %2B0200." <86d2qfdpmi.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi, Reference:
> From:		=?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> 
> Date:		Fri, 19 Jul 2013 08:34:45 +0200 

=?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= wrote:
> "Julian H. Stacey" <jhs@berklix.com> writes:
> >   A ssh to a jail followed by Who, if it shows just pts/0, shows
> >   no one else is logged in { within jail And Also Outer Prison
> >   [And presumably also other parallel jails] }.
> 
> Not really, it just shows that pts/0 was available.  Like file
> descriptors, pseudo-ttys are allocated on a first-unused basis.  There
> could be twenty people logged in; if the first logs out, the
> twenty-first gets pts/0.

Thanks DES,
Yes, I suppose so, on busy hardware. It was more obvious what was
going on with my prison & jail as that was lightly logged in.

If FreeBSD wanted to obscure the information, I suppose one could
do a kernel tweak to do pty allocation from a cyclic buffer, (like
PID IDs) rather than searching sequentially from 0 each time, but
I guess there's more interesting things to do than that.


> Also, please read the warning at the start of the jail chapter in the
> FreeBSD handbook.

Wow !  Light dawns brightly !


>  I should probably update it to note that there are
> many ways in which information can leak between jails and the host.

If so do, maybe add
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
next to
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
If you think appropriate.

Thanks.

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text.  No quoted-printable, HTML, base64, multipart/alternative.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307192239.r6JMcvO2083730>