Date: Mon, 12 Feb 2001 10:50:20 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
To: Lists Account <lists@security.za.net>
Cc: hackers@freebsd.org
Subject: Re: Jail Pseudo Terminals
Message-ID: <Pine.NEB.3.96L.1010212104522.88322B-100000@fledge.watson.org>
In-Reply-To: <Pine.BSF.4.21.0102121540560.80066-100000@security.za.net>

On Mon, 12 Feb 2001, Lists Account wrote:

> Just a quick question I'm hoping someone can help me with. I extended
> the number of pty's available on my base box just fine, with an edit to
> /etc/ttys and making some new devices, then just a kill -1 1, and
> everything worked fine.
>
> I did exactly the same thing under the jail, it didn't work, rebooted the
> box and it still didn't work, does anyone know how to extend the number
> of pty's under a jail? Any help would be MUCH appreciated

Hmm. What do you mean by, ``I did exactly the same thing under the jail'' -- the mknod() syscall for device nodes is unavailable under jail() so as to prevent the creation of inappropriate devices that might allow the attacker to circumvent the jail() protections. So there are two things you could have done: (1) used MAKEDEV under jail(), and either it didn't generate appropriate error messages, or you missed them, and you should be running the MAKEDEV in the per-jail /dev directory, but not from within the jail(), or (2) you ran MAKEDEV outside the jail, and something else is broken. My first guess would be that you did (1), and running MAKEDEV outside of a jail() process but in the jail() /dev will fix things.

Also, generally speaking, pty's are not managed by init, rather, they are dynamically allocated using openpty(), so you shouldn't need to HUP init, or even modify /etc/ttys. In fact, from within a jail(), you should be unable to successfully HUP the pid 1 init process.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
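
A check that follows from the reply above, added here as an example and not part of the original message: run from the host (outside any jail), it lists pty nodes that exist in the host /dev but are missing from a jail's /dev, and nodes whose master/slave partner is absent. The function names and the node-name pattern (taken from pty(4) naming) are assumptions.

```shell
#!/bin/sh
# Added example: audit the pty device nodes in a per-jail /dev from the host.
# Assumption: node names follow the pty(4) pattern [pt]ty[p-sP-S][0-9a-v]
# (pty* = master side, tty* = slave side).
LC_ALL=C; export LC_ALL   # make the bracket ranges in the glob byte-ordered

# list_ptys DIR: print the pty master/slave node names found in DIR.
list_ptys() {
    for node in "$1"/[pt]ty[p-sP-S][0-9a-v]; do
        # An unmatched glob stays literal, so test before printing.
        [ -e "$node" ] && basename "$node"
    done
    return 0
}

# missing_ptys HOST_DEV JAIL_DEV: names present in HOST_DEV but not JAIL_DEV.
# These are the nodes that still have to be created with MAKEDEV, run from
# the host inside JAIL_DEV, since mknod() is refused inside the jail.
missing_ptys() {
    list_ptys "$1" | while read -r name; do
        [ -e "$2/$name" ] || echo "$name"
    done
}

# unpaired_ptys DIR: nodes whose partner (master for a slave, slave for a
# master) is absent, which is what a half-finished node creation leaves behind.
unpaired_ptys() {
    list_ptys "$1" | while read -r name; do
        case "$name" in
            pty*) peer="tty${name#pty}" ;;
            tty*) peer="pty${name#tty}" ;;
        esac
        [ -e "$1/$peer" ] || echo "$name"
    done
}

# Usage: sh ptycheck.sh /dev /path/to/jail/dev   (paths are the caller's)
if [ "$#" -eq 2 ]; then
    echo "missing from $2:";  missing_ptys "$1" "$2"
    echo "unpaired in $2:";   unpaired_ptys "$2"
fi
```
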