Re: Possible security issue with jails
This was the info I needed. Thanks!
-micah
On Tue, Jan 11, 2005 at 11:05:43PM +0100, Poul-Henning Kamp wrote:
> In message <20050111221055.GD68350@micah.tamu.edu>, Micah writes:
> >Howdy!
> >
> >I'm not sure if this is actually an issue, feature or a bug, but I have found
> >that inside a jail, the jailed root user is able to sniff traffic (and enable
> >promiscuous mode) on at least the interface of the IP address the jail is attached
> >to.
>
> Only if you leave bpf devices in the devfs mounted on the jail.
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)