From owner-freebsd-hackers  Wed Nov 13 11:31:16 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 49FF337B401
	for <hackers@FreeBSD.ORG>; Wed, 13 Nov 2002 11:31:15 -0800 (PST)
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CDBD443E6E
	for <hackers@FreeBSD.ORG>; Wed, 13 Nov 2002 11:31:13 -0800 (PST)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.12.6/8.12.6) with ESMTP id gADJUwOr098062;
	Wed, 13 Nov 2002 20:30:59 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: tty/pty devices not safe in jail? 
In-Reply-To: Your message of "Wed, 13 Nov 2002 11:27:59 PST."
             <200211131927.gADJRxP8085877@apollo.backplane.com> 
Date: Wed, 13 Nov 2002 20:30:58 +0100
Message-ID: <98061.1037215858@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

In message <200211131927.gADJRxP8085877@apollo.backplane.com>, Matthew Dillon w
rites:
>    Hmm.  While tracking down a null mount issue I think I might have
>    come across a potentially serious problem with jail.  It seems to
>    me that it would be possible for someone inside a jailed environment
>    to 'steal' pty's, tty's, or the tty side of a pty that is being
>    used from within other jails or by processes outside the jail.  Has
>    this ever come up before?

There has always been code in kern/tty_pty.c which makes sure that the
master and slave have the same prison:

        } else if (pti->pt_prison != td->td_ucred->cr_prison) {
                return (EBUSY);


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message