Date:      Sun, 12 Nov 2006 20:16:18 -0400
From:      "Marc G. Fournier" <scrappy@freebsd.org>
To:        Kris Kennaway <kris@obsecurity.org>, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: mknod within a jail ...
Message-ID:  <01A4BB5A7FD39F28FA27CC06@ganymede.hub.org>
In-Reply-To: <20061112221122.GA20998@xor.obsecurity.org>
References:  <7FF5BAB0C7346830548B5582@ganymede.hub.org> <44hcx47lqx.fsf@be-well.ilk.org> <20061112221122.GA20998@xor.obsecurity.org>


--On Sunday, November 12, 2006 17:11:23 -0500 Kris Kennaway <kris@obsecurity.org> wrote:

> Any approach that "requires" running mknod is misguided, since you
> can't do this outside of devfs on modern FreeBSD.  Mounting devfs
> (with appropriate rulesets) is the correct approach.

The problem with mounting devfs is that it would involve giving root in the 
jail some means to do the mount from within the jail ... is there some way of 
doing a restricted shell that would work similar to chroot?

For instance, rbash will do a restricted shell that still allows programs like 
sftp to work from within it ... but, breaking out of rbash is as easy as typing 
'bash' again, and you are back in an unrestricted shell :(

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org                              MSN . scrappy@hub.org
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01A4BB5A7FD39F28FA27CC06>