From owner-freebsd-hackers  Sat Nov 23  9:37:31 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6499B37B401; Sat, 23 Nov 2002 09:37:30 -0800 (PST)
Received: from kurush.osdn.org.ua (external.osdn.org.ua [212.40.34.156])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C4C1243EA3; Sat, 23 Nov 2002 09:37:24 -0800 (PST)
	(envelope-from never@kurush.osdn.org.ua)
Received: from kurush.osdn.org.ua (never@localhost [127.0.0.1])
	by kurush.osdn.org.ua (8.12.6/8.12.6) with ESMTP id gANHaiTP007097;
	Sat, 23 Nov 2002 19:36:45 +0200 (EET)
	(envelope-from never@kurush.osdn.org.ua)
Received: (from never@localhost)
	by kurush.osdn.org.ua (8.12.6/8.12.6/Submit) id gANHaeJT007096;
	Sat, 23 Nov 2002 19:36:40 +0200 (EET)
Date: Sat, 23 Nov 2002 19:36:40 +0200
From: Alexandr Kovalenko <never@nevermind.kiev.ua>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Julian Elischer <julian@FreeBSD.ORG>,
	dillon@apollo.backplane.com, hackers@FreeBSD.ORG
Subject: Re: tty/pty devices not safe in jail?
Message-ID: <20021123173639.GA6789@nevermind.kiev.ua>
References: <20021113201041.EA5F237B401@hub.freebsd.org> <99257.1037219549@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <99257.1037219549@critter.freebsd.dk>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Hello, Poul-Henning Kamp!

On Wed, Nov 13, 2002 at 09:32:29PM +0100, you wrote:

> >> There has always been code in kern/tty_pty.c which makes sure that the
> >> master and slave have the same prison:
> >
> >but a jailed user could perform a denial of service by using up all teh ptys.?
> 
> There is no general resource protection for jails:  You can use up
> any resource you can get your hand on: processes, disk, filedescriptors,
> ptys, mbuf clusters, you name it.
> 
> If you want to add resource limitations to jails, then do it right from
> the bottom, instead of as local hacks in random drivers or other hotspots.

I think many of us, ISP && HSP, will thank you/anyone else if jail would
be somewhat can-limitable on resources!


With hope that it will happen...

-- 
NEVE-RIPE, will build world for food
Ukrainian FreeBSD User Group
http://uafug.org.ua/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message