Date: Mon, 06 Feb 2006 14:04:11 +0100 From: Andre Oppermann <andre@freebsd.org> To: =?ISO-8859-15?Q?Bj=F6rn_K=F6nig?= <bkoenig@cs.tu-berlin.de> Cc: current@freebsd.org Subject: Re: unprivileged users are able to kill certain jailed processes Message-ID: <43E7494B.9040401@freebsd.org> In-Reply-To: <43E60708.9000902@cs.tu-berlin.de> References: <43E60708.9000902@cs.tu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Björn König wrote: > Hello, > > unprivileged users of the host environment can see jailed processes with > the same user ID. Furthermore they are able to send signals to these > processes. I think since users are not allowed to imprison processes > there is no reason why they should see them or even kill them. From the hosts point of view a jail is like a user and all processes in that jail are of that user. If you have normal users on the host and have jails under the same user id then, yea, tough luck. You're not supposed to do that. The purpose of jail is to protect the host from what is running in the jail, not the other way around. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43E7494B.9040401>