Date: Sat, 03 Feb 2001 12:32:50 -0700
From: Warner Losh <imp@harmony.village.org>
To: Peter Wemm <peter@netplex.com.au>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: DEVFS newbie...
Message-ID: <200102031932.f13JWo961621@harmony.village.org>
In-Reply-To: Your message of "Sat, 03 Feb 2001 09:48:56 PST." <200102031748.f13HmuW44694@mobile.wemm.org>
References: <200102031748.f13HmuW44694@mobile.wemm.org>
In message <200102031748.f13HmuW44694@mobile.wemm.org> Peter Wemm writes:
: As bizarre as it sounds, I like Julian's hack for populating this stuff...
: ie: use a hard link to propagate nodes to the jailed /dev.
:
: eg: mount -t devfs -o empty /home/jail/dev
:     ln /dev/null /home/jail/dev/null
:     ln /dev/zero /home/jail/dev/zero
:     ...
:     mount -u -o ro /home/jail/dev

But you can't do hard links across file systems. Or is that a hack of devfs to allow it, and if so does that create any other security problems?

Recall the security implications of having procfs's 'file' file. He made a hard link to the file in question, and exposed many different classes of problem: unwanted disclosure, failure to take into account directory permissions, the ability to hard link to the file and execute it later (bad for setuid programs), etc.

Warner
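The last concern in the message, a set-uid file that stays reachable through a second hard-linked name, can be audited by grouping set-id files by inode and comparing the names found with the inode's link count. This is an added example, not part of the original message or of FreeBSD; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_setid_hardlinks(root):
    """Find set-uid/set-gid regular files under root that have extra names.

    Returns one record per inode: the names seen under root, the inode's
    link count, and how many names exist that the scan did not see.
    """
    by_inode = {}
    for dirpath, _dirs, files in os.walk(root):   # does not follow symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)               # never follow symlinks
            except OSError:
                continue                          # vanished or unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            if st.st_nlink < 2:
                continue                          # only one name: nothing to report
            rec = by_inode.setdefault((st.st_dev, st.st_ino),
                                      {"nlink": st.st_nlink, "paths": []})
            rec["paths"].append(path)
    for rec in by_inode.values():
        rec["paths"].sort()
        rec["unseen"] = rec["nlink"] - len(rec["paths"])
    return list(by_inode.values())


def build_constructed_tree():
    """Constructed sample: a set-uid file with a second name in another directory."""
    root = tempfile.mkdtemp(prefix="linkaudit-")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "jail", "stash"))
    tool = os.path.join(root, "bin", "tool")
    with open(tool, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(tool, 0o4755)                        # set-uid bit on our own file
    os.link(tool, os.path.join(root, "jail", "stash", "tool-old"))
    plain = os.path.join(root, "bin", "plain")    # linked twice, but not set-id
    open(plain, "w").close()
    os.link(plain, os.path.join(root, "bin", "plain2"))
    return root
```

A non-zero `unseen` value means the inode has names outside the scanned tree, which is the case to chase down when only a jail's directory is audited.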