Date:      Fri, 4 Mar 2005 09:24:25 -0600 (CST)
From:      "Viren Patel" <virenp@mail.utexas.edu>
To:        "Anish Mistry" <mistry.7@osu.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Sharing directories with jails
Message-ID:  <32824.146.6.178.5.1109949865.squirrel@mail.cm.utexas.edu>
In-Reply-To: <200503031815.04158.mistry.7@osu.edu>
References:  <4227164D.3050103@cis.strath.ac.uk> <200503031316.56083.mistry.7@osu.edu> <4011.216.220.59.169.1109888589.squirrel@216.220.59.169> <200503031815.04158.mistry.7@osu.edu>

> On Thursday 03 March 2005 05:23 pm, Ean Kingston wrote:
>> > On Thursday 03 March 2005 12:42 pm, Chris Hodgins wrote:
>>
>> [cut original question and answer]
>>
>> >> Ok perhaps I should clarify what my intentions are a little
>> >> more. I am planning on providing a FreeBSD jail for any member
>> >> of a geek society I am a member of.  When I say they are
>> >> untrusted, I mean that I won't be giving them full root access
>> >> to my server but I trust them enough not to do anything
>> >> malicious inside a jail.  It is just like a fun place they can
>> >> play and not have to worry too much about breaking things.
>> >>
>> >> How easy is it exactly to break out of a jail if you have access
>> >> to development tools?
>> >
>> > http://www.securiteam.com/unixfocus/5WP031535U.html
>>
>> How current is this? The article appears to be dated 2001. Are
>> there still buffer-overflow issues with /proc?
>>
>
> 5.3 and later no longer need proc and it's not mounted by
> default.
>
>> > If you use securelevels you can significantly improve security.
>
> --
> Anish Mistry
>

The jail manpage instructs to mount proc when starting a
jail and the /etc/rc.d/jail script mounts both devfs and
procfs. Are you saying this is not needed and if so why
and how to disable? Thanks.

--
Viren Patel



