Date: Wed, 12 Jan 2005 00:35:08 +0000 From: Micah <micah@micah.ws> To: freebsd-security@freebsd.org Subject: Re: Possible security issue with jails Message-ID: <20050112003508.GE68350@micah.tamu.edu> In-Reply-To: <24203.1105481143@critter.freebsd.dk> References: <20050111221055.GD68350@micah.tamu.edu> <24203.1105481143@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
This was the info I needed. Thanks! -micah On Tue, Jan 11, 2005 at 11:05:43PM +0100, Poul-Henning Kamp wrote: > In message <20050111221055.GD68350@micah.tamu.edu>, Micah writes: > >Howdy! > > > >I'm not sure if this is actually an issue, feature or a bug, but I have found > >that inside a jail, the jailed root user is able to sniff traffic (and enable > >promiscuous mode) on at least the interface of the IP address the jail is attached > >to. > > Only if you leave bpf devices in the devfs mounted on the jail. > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050112003508.GE68350>