Sharing directories with jails
Viren Patel
virenp at mail.utexas.edu
Fri Mar 4 07:24:26 PST 2005
> On Thursday 03 March 2005 05:23 pm, Ean Kingston wrote:
>> > On Thursday 03 March 2005 12:42 pm, Chris Hodgins
>> wrote:
>>
>> [cut original question and answer]
>>
>> >> Ok perhaps I should clarify what my intentions are a
>> little
>> >> more. I am planning on providing a FreeBSD jail for
>> any member
>> >> of a geek society I am a member of. When I say they
>> are
>> >> untrusted, I mean that I won't be giving them full
>> root access
>> >> to my server but I trust them enough not to do
>> anything
>> >> malicious inside a jail. It is just like a fun place
>> they can
>> >> play and not have to worry to much about breaking
>> things.
>> >>
>> >> How easy is it exactly to break out of a jail if you
>> have access
>> >> to development tools?
>> >
>> > http://www.securiteam.com/unixfocus/5WP031535U.html
>>
>> How current is this? The article appears to be dated
>> 2001. Are
>> there still buffer-overflow issues with /proc?
>>
>
> 5.3 and later no longer need proc and it's not mounted by
> default.
>
>> > If you use securelevels you can a sigificantly improve
>> security.
>
> --
> Anish Mistry
>
The jail manpage instructs to mount proc when starting a
jail and the /etc/rc.d/jail scripts mounts both devfs and
procfs. Are you saying this is not needed and if so why
and how to disable? Thanks.
--
Viren Patel
More information about the freebsd-questions
mailing list