From owner-freebsd-hackers  Fri Nov 15 20:39:31 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6F51E37B401; Fri, 15 Nov 2002 20:39:30 -0800 (PST)
Received: from HAL9000.homeunix.com (12-232-220-15.client.attbi.com [12.232.220.15])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A161F43E4A; Fri, 15 Nov 2002 20:39:29 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Received: from HAL9000.homeunix.com (localhost [127.0.0.1])
	by HAL9000.homeunix.com (8.12.6/8.12.5) with ESMTP id gAG4dJ2q016501;
	Fri, 15 Nov 2002 20:39:19 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Received: (from das@localhost)
	by HAL9000.homeunix.com (8.12.6/8.12.5/Submit) id gAG4dIqX016500;
	Fri, 15 Nov 2002 20:39:18 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Date: Fri, 15 Nov 2002 20:39:18 -0800
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: Julian Elischer <julian@FreeBSD.ORG>
Cc: dillon@apollo.backplane.com, phk@critter.freebsd.dk,
	hackers@FreeBSD.ORG
Subject: Re: tty/pty devices not safe in jail?
Message-ID: <20021116043918.GA16104@HAL9000.homeunix.com>
Mail-Followup-To: Julian Elischer <julian@FreeBSD.ORG>,
	dillon@apollo.backplane.com, phk@critter.freebsd.dk,
	hackers@FreeBSD.ORG
References: <98061.1037215858@critter.freebsd.dk> <20021113201041.EA5F237B401@hub.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021113201041.EA5F237B401@hub.freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Thus spake Julian Elischer <julian@FreeBSD.ORG>:
> > There has always been code in kern/tty_pty.c which makes sure that the
> > master and slave have the same prison:
> 
> but a jailed user could perform a denial of service by using up all teh ptys.?

Can't you fix this by simply creating fewer device nodes inside
the jail, or by hiding some ptys in the devfs case?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message