Date: Sat, 23 Nov 2002 19:36:40 +0200 From: Alexandr Kovalenko <never@nevermind.kiev.ua> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Julian Elischer <julian@FreeBSD.ORG>, dillon@apollo.backplane.com, hackers@FreeBSD.ORG Subject: Re: tty/pty devices not safe in jail? Message-ID: <20021123173639.GA6789@nevermind.kiev.ua> In-Reply-To: <99257.1037219549@critter.freebsd.dk> References: <20021113201041.EA5F237B401@hub.freebsd.org> <99257.1037219549@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Poul-Henning Kamp! On Wed, Nov 13, 2002 at 09:32:29PM +0100, you wrote: > >> There has always been code in kern/tty_pty.c which makes sure that the > >> master and slave have the same prison: > > > >but a jailed user could perform a denial of service by using up all teh ptys.? > > There is no general resource protection for jails: You can use up > any resource you can get your hand on: processes, disk, filedescriptors, > ptys, mbuf clusters, you name it. > > If you want to add resource limitations to jails, then do it right from > the bottom, instead of as local hacks in random drivers or other hotspots. I think many of us, ISP && HSP, will thank you/anyone else if jail would be somewhat can-limitable on resources! With hope that it will happen... -- NEVE-RIPE, will build world for food Ukrainian FreeBSD User Group http://uafug.org.ua/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021123173639.GA6789>