Date: Sat, 16 Nov 2002 10:23:19 +0100 From: Pawel Jakub Dawidek <nick@garage.freebsd.pl> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: freebsd-hackers@freebsd.org Subject: Re: tty/pty devices not safe in jail? Message-ID: <20021116092319.GR590@garage.freebsd.pl> In-Reply-To: <200211132001.gADK188f001694@apollo.backplane.com> References: <98485.1037216817@critter.freebsd.dk> <200211132001.gADK188f001694@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--O3bhLwMadv7h6/J9 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 13, 2002 at 12:01:08PM -0800, Matthew Dillon wrote: +> Would people be interested if I added such a feature? Limit the +> highest allocatable pty to 90% when operating within a jail? e.g. +> if you have 256 ptys both jail and normal tend to allocate ptys=20 +> from the bottom up, but the jail would not be allowed to allocate +> past pty #227. This way if a jail eats all the ptys the sysadmin +> can still ssh in. First of all, there is no such limit in main system (not jailed), so there is always chance to DoS Your machine in this way if You have not-jailed users. So this isn't a complete solution. But if there are no free ptys, I log in via: % ssh -vC <IP> /bin/sh --=20 Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. --O3bhLwMadv7h6/J9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPdYOhz/PhmMH/Mf1AQFVuAQApEZb1ZIqWamj6WQIvMh3XD9J5ZKgB8qr tseVstuyZ+ccCTOMkym2kFo+CDKiTjy5I/VZmxgv7QUgGXCS/YHsJDTfLgXwTeSb 2OxC07+S8H2HUGofSsAa70Stk6Wacbh0l61lhoCxfSARwkFYda0Wgi4vrWJBGgYU cCsRoDGi4Lw= =EWhf -----END PGP SIGNATURE----- --O3bhLwMadv7h6/J9-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021116092319.GR590>