Date: Sun, 22 Aug 2021 04:26:57 +0000
From: beebeetles@posteo.de
To: freebsd-questions@freebsd.org
Subject: Risks of "unhiding" Device Nodes in devfs.rules for jails?
Message-ID: <e659f7c5-617a-0ce2-7688-a3188ac4b236@posteo.de>

Hi all,

I'm trying to understand the implications of "unhiding" device nodes for jails through `devfs.rules`. In particular, I'm hoping to know if there are any security risks incurred by unhiding certain device nodes.

For example, if I create a devfs ruleset with the following rule for a vnet jail:

    add path 'bpf*' unhide

will packets going through the host system become visible to the jail?

As another example, if I do `add path 'da*' unhide`, does /dev/da0 become accessible (for read and write) to the jail?

If unhiding device nodes creates no risk, why would one need the ability to hide device nodes at all?

Thank you.