Hi,
Ok this is getting a bit strange. Interestingly enough ssh works 100%
with my method of tty creation, having created (from outside the
jail) ttyp32 - ttyp100 (with the minor/major numbers set as 5,XX where XX
is ttypXX), and a mknod type of c, ssh allocates ttys fine, however screen
still tells me there are no ttys available?
Any ideas?
Andrew
On Mon, 12 Feb 2001, Robert Watson wrote:
>
> On Mon, 12 Feb 2001, Lists Account wrote:
>
> > Just a quick question Im hoping someone can help me with. I extended
> > the number of pty's available on my base box just fine, with an edit to
> > /etc/ttys and making some new devices, then just a kill -1 1, and
> > everything worked fine.
> >
> > I did exactly the same thing under the jail, it didnt work, rebooted the
> > box and it still didnt work, does anyone know how to extend the number
> > of pty's under a jail? Any help would be MUCH appreciated
>
> Hmm. What do you mean by, ``I did exactly the same thing under the jail''
> -- the mknod() syscall for device nodes is unavailable under jail() so as
> to prevent the creation of inappropriate devices that might allow the
> attacker to circumvent the jail() protections. So there are two things
> you could have done: (1) used MAKEDEV under jail(), and either it didn't
> generate appropriate error messages, or you missed them, and you should be
> running the MAKEDEV in the per-jail /dev directory, but not from within
> the jail(), or (2) you ran MAKEDEV outside the jail, and something else is
> broken. My first guess would be that you did (1), and running MAKEDEV
> outside of a jail() process but in the jail() /dev will fix things.
>
> Also, generally speaking, pty's are not managed by init, rather, they are
> dynamically allocated using openpty(), so you shouldn't need to HUP init,
> or even modify /etc/ttys. In fact, from within a jail(), you should be
> unable to successfully HUP the pid 1 init process.
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Project
> [EMAIL PROTECTED] NAI Labs, Safeport Network Services
>
>
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
