Date:      Mon, 14 Jan 2002 10:59:52 -0800
From:      "Ryan C. Creasey" <>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   RE: jail and NFS
Message-ID:  <000001c19d2d$a5dae5c0$>

> By the way ...
> when I type in jailed box
> 	mount
> I saw all filesystems and shares mounted by host system
> is this correct?

As far as I can tell, yes... I have several jails running within my
master environment and there are quite a few ways for a user in the jail
to realize that they're actually in the jail.

mount
/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /usr (ufs, local, with quotas)
/dev/ad0s1e on /var (ufs, local)
procfs on /proc (procfs, local)
procfs on /usr/jail/ (procfs, local)
procfs on /usr/jail/ (procfs, local)
procfs on /usr/jail/ (procfs, local)

ps being another one; note the 'J':

ps
68462  p9- IJ     0:00.01 /bin/sh /usr/local/bin/safe_mysqld
33488  pc  R+J    0:00.00 ps
58200  pc  SJ     0:00.04 -su (bash)

Although there are ways to "hack" your jail to fake users into believing
they are actually on a real environment.  As with the above example,
it's rather trivial to recompile ps by removing the switch for the 'J'
flag:

ps
32266  p7  I+     0:00.02 -su (bash)
63606  p8- I      0:00.01 /bin/sh /usr/local/bin/safe_mysqld
33487  pd  R+     0:00.00 ps
58217  pd  S      0:00.11 -su (bash)

But there are too many little instances that I seem to overlook.  Does
anyone know of a project (freshmeat?) out there that does this?  Or am I
just unusual for wanting users to believe they're not in a jail?

Ryan C. Creasey
Network Engineer
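
Added example, not part of the original message: a small sh/awk filter that reads ps output in the column layout quoted above (PID TT STAT TIME COMMAND) and reports which processes carry the 'J' flag. The function names and the sample listing are assumptions made up for illustration from the lines in the message; it presumes an unmodified ps, since a ps rebuilt without the 'J' switch, as described above, would show every process as unjailed.

```shell
# Constructed sample: three jailed lines and one unflagged line taken
# from the two ps listings quoted in the message above.
sample_ps() {
cat <<'EOF'
68462  p9- IJ     0:00.01 /bin/sh /usr/local/bin/safe_mysqld
33488  pc  R+J    0:00.00 ps
58200  pc  SJ     0:00.04 -su (bash)
32266  p7  I+     0:00.02 -su (bash)
EOF
}

# Read ps lines on stdin and print "PID jailed|host COMMAND".
# A 'J' anywhere in the STAT column (field 3) marks a jailed process.
# Lines whose first field is not a PID (e.g. a header row) are skipped.
classify_ps() {
    awk 'NF >= 5 && $1 ~ /^[0-9]+$/ {
        where = ($3 ~ /J/) ? "jailed" : "host"
        cmd = $5
        for (i = 6; i <= NF; i++) cmd = cmd " " $i
        print $1, where, cmd
    }'
}

# Read ps lines on stdin and print how many carry the 'J' flag.
count_jailed() {
    classify_ps | awk '$2 == "jailed" { n++ } END { print n + 0 }'
}

sample_ps | classify_ps
```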
