From owner-freebsd-hackers  Wed Nov 13 12:32:54 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7E0CE37B408; Wed, 13 Nov 2002 12:32:53 -0800 (PST)
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 4312F43E3B; Wed, 13 Nov 2002 12:32:52 -0800 (PST)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.12.6/8.12.6) with ESMTP id gADKWTOr099258;
	Wed, 13 Nov 2002 21:32:33 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: julian@FreeBSD.ORG (Julian Elischer)
Cc: dillon@apollo.backplane.com, hackers@FreeBSD.ORG
Subject: Re: tty/pty devices not safe in jail? 
In-Reply-To: Your message of "Wed, 13 Nov 2002 12:10:41 PST."
             <20021113201041.EA5F237B401@hub.freebsd.org> 
Date: Wed, 13 Nov 2002 21:32:29 +0100
Message-ID: <99257.1037219549@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

In message <20021113201041.EA5F237B401@hub.freebsd.org>, Julian Elischer writes
:
>> There has always been code in kern/tty_pty.c which makes sure that the
>> master and slave have the same prison:
>
>but a jailed user could perform a denial of service by using up all teh ptys.?

There is no general resource protection for jails:  You can use up
any resource you can get your hand on: processes, disk, filedescriptors,
ptys, mbuf clusters, you name it.

If you want to add resource limitations to jails, then do it right from
the bottom, instead of as local hacks in random drivers or other hotspots.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message