From: "Marc G. Fournier"
Date: Sun, 12 Nov 2006 20:16:18 -0400
To: Kris Kennaway, Lowell Gilbert
Cc: freebsd-questions@freebsd.org
Subject: Re: mknod within a jail ...

--On Sunday, November 12, 2006 17:11:23 -0500 Kris Kennaway wrote:

> Any approach that "requires" running mknod is misguided, since you
> can't do this outside of devfs on modern FreeBSD. Mounting devfs
> (with appropriate rulesets) is the correct approach.

The problem with mounting devfs is that it would involve giving root in the jail some means to do the mount from within the jail ... is there some way of doing a restricted shell that would work similar to chroot?

For instance, rbash will do a restricted shell that still allows programs like sftp to work from within it ... but, breaking out of rbash is as easy as typing 'bash' again, and you are back in an unrestricted shell :(

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email . scrappy@hub.org    MSN . scrappy@hub.org
Yahoo . yscrappy           Skype: hub.org    ICQ . 7615664