From owner-freebsd-jail@FreeBSD.ORG  Fri Jul 19 06:35:27 2013
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 01AB447E;
 Fri, 19 Jul 2013 06:35:27 +0000 (UTC) (envelope-from des@des.no)
Received: from smtp.des.no (smtp.des.no [194.63.250.102])
 by mx1.freebsd.org (Postfix) with ESMTP id BB77F2BD;
 Fri, 19 Jul 2013 06:35:26 +0000 (UTC)
Received: from nine.des.no (smtp.des.no [194.63.250.102])
 by smtp-int.des.no (Postfix) with ESMTP id A6FB247C9;
 Fri, 19 Jul 2013 06:35:19 +0000 (UTC)
Received: by nine.des.no (Postfix, from userid 1001)
 id 8A265353D9; Fri, 19 Jul 2013 08:34:50 +0200 (CEST)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: "Julian H. Stacey" <jhs@berklix.com>
Subject: Re: /dev/pts/0 in a jail shows no one is observing from outer prison.
References: <201307181308.r6ID8eGI023276@fire.js.berklix.net>
Date: Fri, 19 Jul 2013 08:34:45 +0200
In-Reply-To: <201307181308.r6ID8eGI023276@fire.js.berklix.net> (Julian
 H. Stacey's message of "Thu, 18 Jul 2013 15:08:40 +0200")
Message-ID: <86d2qfdpmi.fsf@nine.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-security@freebsd.org, freebsd-jail@freebsd.org, np@bsn.com
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jul 2013 06:35:27 -0000

"Julian H. Stacey" <jhs@berklix.com> writes:
>   A ssh to a jail followed by Who, if it shows just pts/0, shows
>   no one else is logged in { within jail And Also Outer Prison
>   [And presumably also other parallel jails] }.

Not really, it just shows that pts/0 was available.  Like file
descriptors, pseudo-ttys are allocated on a first-unused basis.  There
could be twenty people logged in; if the first logs out, the
twenty-first gets pts/0.

Also, please read the warning at the start of the jail chapter in the
FreeBSD handbook.  I should probably update it to note that there are
many ways in which information can leak between jails and the host.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no