On Thu, Jun 26, 2003 at 10:50:23PM -0400, Alejandro Mery Pellegrini wrote:
> >hmm, in what way do you believe /dev/tty would
> >or could compromise security?
> >
> >otherwise:
> >
> >[V] mknod /dev/tty c 5 0
> >
> >will do nicely

/dev/tty is the current tty (nothing more, nothing less,
so no issue with that, I believe)

> i have a similar doubt but related with pty and devfs,
> .i.e. /dev/pts/n is created by devfs just when needed,
> how does it works using contexts?

using devfs would be a major security issue, allowing
any virtual root user to destroy the physical system ...
so this is a BadIdea(TM)

> mount --bind /dev/pts /vservers/this/dev/pts
> mount --bind /dev/pts /vservers/that/dev/pts
>
> or

devpts on the other hand, should make no troubles
(see below)

> mount -t devpts /vserver/this/dev/pts none
> mount -t devpts /vserver/that/dev/pts none
>
> or
>
> some other way?
>
> /dev/pts/1 of 'this' will be the same /dev/pts/1 of 'that'? will be
> different?
>
> do i need mknod capability on those contexts to allow the daemons to
> create pts?
>
> any security problem?

regarding to Jacques documentation section 6.2.4.2 /dev/pts
http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=6&s2=2&s3=4&s4=2&full=0&prjstate=1&nodoc=0

  Starting with the ctx-6 patch, /dev/pts is virtualised.
  Although the file numbers are allocated from a single pool,
  a vserver only see the pseudo-tty it owns.

HTH,
Herbert

> Alejandro Mery
>
