Date: Sun, 28 May 2006 15:50:12 +0200 From: joerg@britannica.bec.de To: freebsd-hackers@freebsd.org Subject: Re: security.bsd.see_other_uids for jails Message-ID: <20060528135012.GB14541@britannica.bec.de> In-Reply-To: <4479A99E.8080708@aksoft.net> References: <4479A99E.8080708@aksoft.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote: > Hi All, > > if security.bsd.see_other_uids is set to 0, users from the main system > can still see processes from jails if they have (by accident) the save uid. > > For me it's wrong behavior because the main system and the jail are two > different systems where uids are independent. Sorry but you have far bigger security problems if you create such a setup. E.g. "users" from the outer system can ptrace the processes in the jail with the same uid. Short answer is: don't do that. Joerg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060528135012.GB14541>