Date: Wed, 23 Feb 2005 17:27:07 +0100
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: freebsd-hackers@freebsd.org
Subject: Re: [PATCH] Dangerous jail()<->ioctl interactions.
Message-ID: <20050223162707.GA1113@britannica.bec.de>
In-Reply-To: <20050221221656.GA64212@freebsd.czest.pl>
References: <20050221221656.GA64212@freebsd.czest.pl>

On Mon, Feb 21, 2005 at 10:16:56PM +0000, Wojciech A. Koszek wrote:
> Hello hackers,
> I would like to let you know I've been doing [partial] audit of ioctl()
> code. There are some places, which may interest you. These are:
>
> sys/cam/cam_xpt.c
> sys/contrib/ipfilter/netinet/ip_fil.c
> sys/contrib/pf/net/pf_ioctl.c
> sys/dev/ata/ata-all.c
> sys/dev/md/md.c
> sys/geom/geom_ctl.c

I would argue that the controlling devices are not supposed to be in a jail
if you are concerned about something attacking your system with it. At
least for FreeBSD 4, MAKEDEV jail doesn't create any of those.

Joerg