Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 16 Nov 2002 10:23:19 +0100
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: tty/pty devices not safe in jail?
Message-ID:  <20021116092319.GR590@garage.freebsd.pl>
In-Reply-To: <200211132001.gADK188f001694@apollo.backplane.com>
References:  <98485.1037216817@critter.freebsd.dk> <200211132001.gADK188f001694@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--O3bhLwMadv7h6/J9
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Nov 13, 2002 at 12:01:08PM -0800, Matthew Dillon wrote:
+>     Would people be interested if I added such a feature?  Limit the
+>     highest allocatable pty to 90% when operating within a jail?  e.g.
+>     if you have 256 ptys both jail and normal tend to allocate ptys=20
+>     from the bottom up, but the jail would not be allowed to allocate
+>     past pty #227.  This way if a jail eats all the ptys the sysadmin
+>     can still ssh in.

First of all, there is no such limit in main system (not jailed),
so there is always chance to DoS Your machine in this way if You
have not-jailed users. So this isn't a complete solution.
But if there are no free ptys, I log in via:

	% ssh -vC <IP> /bin/sh

--=20
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.

--O3bhLwMadv7h6/J9
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iQCVAwUBPdYOhz/PhmMH/Mf1AQFVuAQApEZb1ZIqWamj6WQIvMh3XD9J5ZKgB8qr
tseVstuyZ+ccCTOMkym2kFo+CDKiTjy5I/VZmxgv7QUgGXCS/YHsJDTfLgXwTeSb
2OxC07+S8H2HUGofSsAa70Stk6Wacbh0l61lhoCxfSARwkFYda0Wgi4vrWJBGgYU
cCsRoDGi4Lw=
=EWhf
-----END PGP SIGNATURE-----

--O3bhLwMadv7h6/J9--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021116092319.GR590>