Date: Fri, 19 Jul 2013 08:34:45 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: "Julian H. Stacey" <jhs@berklix.com> Cc: freebsd-security@freebsd.org, freebsd-jail@freebsd.org, np@bsn.com Subject: Re: /dev/pts/0 in a jail shows no one is observing from outer prison. Message-ID: <86d2qfdpmi.fsf@nine.des.no> In-Reply-To: <201307181308.r6ID8eGI023276@fire.js.berklix.net> (Julian H. Stacey's message of "Thu, 18 Jul 2013 15:08:40 %2B0200") References: <201307181308.r6ID8eGI023276@fire.js.berklix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
"Julian H. Stacey" <jhs@berklix.com> writes:
> A ssh to a jail followed by Who, if it shows just pts/0, shows
> no one else is logged in { within jail And Also Outer Prison
> [And presumably also other parallel jails] }.
Not really, it just shows that pts/0 was available. Like file
descriptors, pseudo-ttys are allocated on a first-unused basis. There
could be twenty people logged in; if the first logs out, the
twenty-first gets pts/0.
Also, please read the warning at the start of the jail chapter in the
FreeBSD handbook. I should probably update it to note that there are
many ways in which information can leak between jails and the host.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86d2qfdpmi.fsf>