Date: Wed, 13 Nov 2002 20:30:58 +0100 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: hackers@FreeBSD.ORG Subject: Re: tty/pty devices not safe in jail? Message-ID: <98061.1037215858@critter.freebsd.dk> In-Reply-To: Your message of "Wed, 13 Nov 2002 11:27:59 PST." <200211131927.gADJRxP8085877@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200211131927.gADJRxP8085877@apollo.backplane.com>, Matthew Dillon w
rites:
> Hmm. While tracking down a null mount issue I think I might have
> come across a potentially serious problem with jail. It seems to
> me that it would be possible for someone inside a jailed environment
> to 'steal' pty's, tty's, or the tty side of a pty that is being
> used from within other jails or by processes outside the jail. Has
> this ever come up before?
There has always been code in kern/tty_pty.c which makes sure that the
master and slave have the same prison:
} else if (pti->pt_prison != td->td_ucred->cr_prison) {
return (EBUSY);
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?98061.1037215858>