Translate

Arm Ukraine, zap Putin

Stolen Votes

berklix.com logo

berklix.org logo

No Cookies

Flag UK DE

BSD-PIE

BSD

GNU

Linux

No Tracking

Disclaimer

IBU

Consol

This is http://www.berklix.com/~jhs/blog/2013-07-20/

Other blogs and texts

To: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@@@des.no>
Subject: Re: /dev/pts/0 in a jail shows no one is observing from outer prison.
From: "Julian H. Stacey" <jhs@@@berklix.com>
Date: Sat, 20 Jul 2013 00:38:57 +0200
Cc: freebsd-security@@@freebsd.org, freebsd-jail@@@freebsd.org, np@@@ibu.de
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
MIME-Version: 1.0

Hi, Reference:
> From:     =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@@@des.no> 
> Date:     Fri, 19 Jul 2013 08:34:45 +0200 

=?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= wrote:
> "Julian H. Stacey" <jhs@@@berklix.com> writes:
> >   A ssh to a jail followed by Who, if it shows just pts/0, shows
> >   no one else is logged in { within jail And Also Outer Prison
> >   [And presumably also other parallel jails] }.
> 
> Not really, it just shows that pts/0 was available.  Like file
> descriptors, pseudo-ttys are allocated on a first-unused basis.  There
> could be twenty people logged in; if the first logs out, the
> twenty-first gets pts/0.

Thanks DES,
Yes, I suppose so, on busy hardware. It was more obvious what was
going on with my prison & jail as that was lightly logged in.

If FreeBSD wanted to obscure the information, I suppose one could
do a kernel tweak to do pty allocation from a cyclic buffer, (like
PID IDs) rather than searching sequentially from 0 each time, but
I guess there's more interesting things to do than that.


> Also, please read the warning at the start of the jail chapter in the
> FreeBSD handbook.

Wow !  Light dawns brightly !


>  I should probably update it to note that there are
> many ways in which information can leak between jails and the host.

If so do, maybe add
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
next to
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
If you think appropriate.

Thanks.

Cheers,
Julian
- -- 
Julian H. Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://www.berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text.  No quoted-printable, HTML, base64, multipart/alternative.
_______________________________________________
freebsd-security@@@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@@@freebsd.org"


------- End of Forwarded Message

Stolen VotesBerklix.Net Computer AssociatesDomainsApache: Web ServerFreeBSD: Operating System