Re: Configuration differences for jails

From: Joerg Sonnenberger (joerg_at_britannica.bec.de)
Date: 04/21/05

    Date: Thu, 21 Apr 2005 13:43:59 +0200
    To: freebsd-hackers@freebsd.org
    
    

    On Thu, Apr 21, 2005 at 07:39:08AM -0400, c0ldbyte wrote:
    > Now if that last question is correct and that's the process you are using
    > to create a jail then depending on the situation wouldn't that in turn
    > defeat some of the main purposes of the jail, like the following. If you
    > mounted your "/bin" on "/mnt/jail/bin" then if a person that was looking
    > to break in and affect the system that is currently locked in the "jail"
    > all he would have to do is just write something to the "jail/bin" which is
    > actually your root "/bin" and then the next time a binary is used from your
    > root directories it could still infect the rest of the system ultimately
    > defeating the purpose of what you just set up. To my understanding and use
    > a jail is somewhat totally independent of the OS that it resides in and
    > won't be if you are using nullfs to mount root binary directories on it.

    ro mount as written by grandparent protects against this.

    Joerg
    _______________________________________________
    freebsd-hackers@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
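
Added example, not part of the original thread: a shell check that reads `mount` output and lists every nullfs mount under a jail root that lacks the read-only flag, which is the condition the reply says closes the hole. The jail root `/mnt/jail` comes from the quoted message; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Audit helper (added example): a host directory nullfs-mounted into a jail
# should be mounted read-only, e.g. mount_nullfs -o ro /bin /mnt/jail/bin

# Constructed sample in the format printed by FreeBSD mount(8).
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/bin on /mnt/jail/bin (nullfs, local, read-only)
/sbin on /mnt/jail/sbin (nullfs, local)
/usr/lib on /mnt/jail/usr/lib (nullfs, local, read-only)
devfs on /mnt/jail/dev (devfs, local)'

# writable_nullfs JAIL_ROOT
# Reads mount(8) output on stdin and prints the mount point of every nullfs
# mount at or below JAIL_ROOT that does not carry the read-only flag.
writable_nullfs() {
    awk -v root="$1" '
    {
        # Line shape: <source> on <mountpoint> (<fstype>, <flag>, ...)
        p_on = index($0, " on ")
        p_paren = index($0, " (")
        if (p_on == 0 || p_paren == 0 || p_on > p_paren) next
        mp = substr($0, p_on + 4, p_paren - p_on - 4)
        flags = substr($0, p_paren + 2)
        sub(/\)$/, "", flags)
        n = split(flags, f, /, */)
        if (f[1] != "nullfs") next
        # Match the jail root itself or a path below it, not /mnt/jail2.
        if (mp != root && index(mp, root "/") != 1) next
        ro = 0
        for (i = 2; i <= n; i++) if (f[i] == "read-only") ro = 1
        if (!ro) print mp
    }'
}

# Run the check over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | writable_nullfs /mnt/jail
}

audit_sample
```

On a live host, pipe the real table in with `mount | writable_nullfs /mnt/jail`; any path printed is a host directory that processes inside the jail can write to.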

