Date: Thu, 27 Feb 2003 16:43:51 +0100
From: Pawel Jakub Dawidek
To: Mooneer Salem
Cc: FreeBSD Hackers
Subject: Re: Jail seperation patch
Message-ID: <20030227154351.GQ330@garage.freebsd.pl>
References: <20030227094242.GJ330@garage.freebsd.pl>

On Thu, Feb 27, 2003 at 07:16:15AM -0800, Mooneer Salem wrote:
+> Actually, I just gave it blah.lifeafterking.org in /etc/hosts. 10.0.0.4
+> really *is* in the same jail:
+>
+> %ifconfig
+> lnc0: flags=8843 mtu 1500
+> inet 10.0.0.3 netmask 0xffffffff broadcast 10.0.0.3
+> inet 10.0.0.4 netmask 0xffffffff broadcast 10.0.0.4
+> ether 00:50:56:e0:26:54
+> lo0: flags=8049 mtu 16384
+> %hostname
+> test.lifeafterking.org
+> %

Ehh, so now I know nothing about your test settings. After all, the problem isn't so trivial.

+> As for the hide files code, I found a possible location for it, in
+> vfs_subr.c (extattr_check_cred()). I added
+> this block to it:
[...]

IMHO very dirty and not complete. A jail doesn't have to be chrooted to a different mount point, and checks like those should be done between vnodes, not pathnames. In my opinion a better way is to just create another jail and not give regular users access to the main host.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
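
Added example, not part of the original message and not FreeBSD code: a userland C sketch of the point made in the reply above, that containment checks belong on file-system objects rather than on pathnames. It compares a name-prefix test with a walk over `..` that matches `(st_dev, st_ino)`, used here as a userland stand-in for vnode identity; the function names and the directory layout are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pathname check: "inside" means the string starts with the root's name. */
static int inside_by_name(const char *root, const char *path) {
    size_t n = strlen(root);
    return strncmp(root, path, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Object check: open the directory, then walk ".." comparing (st_dev, st_ino)
 * with the root. Returns 1 inside, 0 outside, -1 on error. */
static int inside_by_object(const char *root, const char *path) {
    struct stat rs, cur, up;
    int fd, next, found = 0;
    if (stat(root, &rs) != 0 || (fd = open(path, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    for (;;) {
        if (fstat(fd, &cur) != 0) { found = -1; break; }
        if (cur.st_dev == rs.st_dev && cur.st_ino == rs.st_ino) { found = 1; break; }
        if ((next = openat(fd, "..", O_RDONLY | O_DIRECTORY)) < 0) { found = -1; break; }
        close(fd); fd = next;
        if (fstat(fd, &up) != 0) { found = -1; break; }
        if (up.st_dev == cur.st_dev && up.st_ino == cur.st_ino) break; /* hit "/" */
    }
    close(fd);
    return found;
}

/* Constructed layout under base: jail/sub, outside, jail/link -> ../outside,
 * alias -> jail/sub. base must be a mkdtemp() template such as "/tmp/jXXXXXX". */
static int build_demo(char *base) {
    if (mkdtemp(base) == NULL || chdir(base) != 0) return -1;
    return (mkdir("jail", 0700) || mkdir("jail/sub", 0700) || mkdir("outside", 0700) ||
            symlink("../outside", "jail/link") || symlink("jail/sub", "alias")) ? -1 : 0;
}

int main(void) {
    char base[] = "/tmp/jaildemoXXXXXX";
    if (build_demo(base) != 0) return 1;
    printf("jail/link: name=%d object=%d\n", inside_by_name("jail", "jail/link"),
           inside_by_object("jail", "jail/link"));
    printf("alias:     name=%d object=%d\n", inside_by_name("jail", "alias"),
           inside_by_object("jail", "alias"));
    return 0;
}
```

The name test gets both symlinks wrong, while the object test decides on the directory that was actually opened, so the string used to reach it does not matter.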