From owner-freebsd-hackers Mon Feb 12 21: 9:58 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from security.za.net (security.za.net [196.2.146.22])
	by hub.freebsd.org (Postfix) with ESMTP id 136EE37B4EC;
	Mon, 12 Feb 2001 21:09:52 -0800 (PST)
Received: from localhost (lists@localhost)
	by security.za.net (8.9.3/8.9.3) with ESMTP id HAA31701;
	Tue, 13 Feb 2001 07:09:48 +0200 (SAST)
	(envelope-from lists@security.za.net)
Date: Tue, 13 Feb 2001 07:09:48 +0200 (SAST)
From: Lists Account
To: Robert Watson
Cc: hackers@freebsd.org
Subject: Re: Jail Pseudo Terminals
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

Ok this is getting a bit strange. Interestingly enough ssh works 100%
with my method of tty creation, having created (from outside the jail)
ttyp32 - ttyp100 (with the minor/major numbers set as 5,XX where XX is
ttypXX), and a mknod type of c, ssh allocates ttys fine, however screen
still tells me there are no ttys available?

Any ideas?

Andrew

On Mon, 12 Feb 2001, Robert Watson wrote:

>
> On Mon, 12 Feb 2001, Lists Account wrote:
>
> > Just a quick question I'm hoping someone can help me with. I extended
> > the number of pty's available on my base box just fine, with an edit to
> > /etc/ttys and making some new devices, then just a kill -1 1, and
> > everything worked fine.
> >
> > I did exactly the same thing under the jail, it didn't work, rebooted the
> > box and it still didn't work, does anyone know how to extend the number
> > of pty's under a jail? Any help would be MUCH appreciated
>
> Hmm. What do you mean by, ``I did exactly the same thing under the jail''
> -- the mknod() syscall for device nodes is unavailable under jail() so as
> to prevent the creation of inappropriate devices that might allow the
> attacker to circumvent the jail() protections. So there are two things
> you could have done: (1) used MAKEDEV under jail(), and either it didn't
> generate appropriate error messages, or you missed them, and you should be
> running the MAKEDEV in the per-jail /dev directory, but not from within
> the jail(), or (2) you ran MAKEDEV outside the jail, and something else is
> broken. My first guess would be that you did (1), and running MAKEDEV
> outside of a jail() process but in the jail() /dev will fix things.
>
> Also, generally speaking, pty's are not managed by init, rather, they are
> dynamically allocated using openpty(), so you shouldn't need to HUP init,
> or even modify /etc/ttys. In fact, from within a jail(), you should be
> unable to successfully HUP the pid 1 init process.
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org NAI Labs, Safeport Network Services
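
Added example, not part of the thread or of FreeBSD: a host-side check, run outside the jail, that the nodes in a per-jail /dev follow the scheme described in the message above (character device, major 5, minor equal to the ttypN suffix). The path /jail/dev, the function names and the sample entries are constructed for illustration.

```python
import os
import stat
from types import SimpleNamespace


def check_pty_nodes(dev_dir, first, last, major=5, lstat=os.lstat):
    """Return {name: problem} for ttyp<first>..ttyp<last> under dev_dir.

    lstat (not stat) is used so a symlink planted in the jail's /dev is
    reported as "not a character device" instead of being followed.
    """
    problems = {}
    for n in range(first, last + 1):
        name = f"ttyp{n}"
        try:
            st = lstat(os.path.join(dev_dir, name))
        except FileNotFoundError:
            problems[name] = "missing"
            continue
        if not stat.S_ISCHR(st.st_mode):
            problems[name] = "not a character device"
            continue
        got = (os.major(st.st_rdev), os.minor(st.st_rdev))
        if got != (major, n):
            problems[name] = f"device {got[0]},{got[1]}, expected {major},{n}"
    return problems


# Constructed sample: what lstat() would report for a hypothetical /jail/dev.
_SAMPLE = {
    "/jail/dev/ttyp32": SimpleNamespace(st_mode=stat.S_IFCHR | 0o666,
                                        st_rdev=os.makedev(5, 32)),
    "/jail/dev/ttyp33": SimpleNamespace(st_mode=stat.S_IFREG | 0o644,
                                        st_rdev=0),  # plain file, not a node
    "/jail/dev/ttyp34": SimpleNamespace(st_mode=stat.S_IFCHR | 0o666,
                                        st_rdev=os.makedev(5, 3)),  # wrong minor
    # ttyp35 is deliberately absent
}


def sample_lstat(path):
    """Stand-in for os.lstat that serves the constructed entries above."""
    try:
        return _SAMPLE[path]
    except KeyError:
        raise FileNotFoundError(path)


if __name__ == "__main__":
    for name, why in check_pty_nodes("/jail/dev", 32, 35,
                                     lstat=sample_lstat).items():
        print(f"{name}: {why}")
```

On a real host, call `check_pty_nodes` with the jail's /dev path and the default `lstat`; the major number defaults to the 5 quoted in the message.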