In message <[EMAIL PROTECTED]> Peter Wemm writes:
: As bizzare as it sounds, I like Julian's hack for populating this stuff...
: ie: use a hard link to propagate nodes to the jailed /dev.
: eg: mount -t devfs -o empty /home/jail/dev
: ln /dev/null /home/jail/dev/null
: ln /dev/zero /home/jail/dev/zero
: ...
: mount -u -o ro /home/jail/dev

But you can't do hard links accross file systems.  Or is that a hack
of devfs to allow it, and if so does that create any other security
problems.  Recall the security implications of having procfs's 'file'
file.  He made a hard link to the file in question, and exposed many
different classes of problem: unwanted disclosure, failure to take
into account directory permissions, the ability to hard link to the
file and execute it later (bad for setuid programs), etc.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to