Configuration differences for jails
Joerg Sonnenberger
joerg at britannica.bec.de
Thu Apr 21 04:44:15 PDT 2005
On Thu, Apr 21, 2005 at 07:39:08AM -0400, c0ldbyte wrote:
> Now if that last question is correct and thats the proccess you are using
> to create a jail then depending on the situation wouldnt that inturn
> defeat some of the main purposes of the jail, like the following. If you
> mounted your "/bin" on "/mnt/jail/bin" then if a person that was looking
> to break in and effect the system that is currently locked in the "jail"
> all he would have to do is just write something to the "jail/bin" which is
> actualy your root "/bin" and then the next time a binary is used from your
> root directories it could still infect the rest of the system ultimately
> defeating the purpose of what you just set up. To my understanding and use
> a jail is somewhat totaly independent of the OS that it resides in and
> wont be if you are using nullfs to mount root binary directories on it.
ro mount as written by grant parent protects against this.
Joerg
More information about the freebsd-hackers
mailing list