On Thu, Feb 24, 2005 at 01:03:17AM +0800, Xin LI wrote:
> On Mon, Feb 21, 2005 at 10:16:56PM +0000, Wojciech A. Koszek wrote:
> > Hello hackers,
> > I would like to let you know I've been doing [partial] audit of ioctl()
[..]
> > connections.
> Default devfs configuration for a jail is not to mount it.  Additionally, the
> default devfs ruleset hides everything but a limited set of pseudo devices that
> should be common for applications to consume.  Therefore, I'd rather say that
> it's a configuration mistake of the user (^_^)
> 
> Do you imply that there are other devices that enforce check against whether they
> are ioctl'ed in jail?

I agree these files should not appear inside a jailed environment. I've just
pointed out devices which are not secured by underlying code (I mean just like
ioctl()ing interface files, which are secured with the general ioctl() handler
making a suser() test).

Cheers,
-- 
* Wojciech A. Koszek && [EMAIL PROTECTED]
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
