[PATCH] Dangerous jail()<->ioctl interactions.

Joerg Sonnenberger joerg at britannica.bec.de
Wed Feb 23 08:28:29 PST 2005


On Mon, Feb 21, 2005 at 10:16:56PM +0000, Wojciech A. Koszek wrote:
> Hello hackers,
> I would like to let you know I've been doing a [partial] audit of ioctl()
> code. There are some places which may interest you. These are:
> 
> sys/cam/cam_xpt.c
> sys/contrib/ipfilter/netinet/ip_fil.c
> sys/contrib/pf/net/pf_ioctl.c
> sys/dev/ata/ata-all.c
> sys/dev/md/md.c
> sys/geom/geom_ctl.c

I would argue that the controlling devices are not supposed to be
in a jail if you are concerned about something attacking your system
with it. At least for FreeBSD 4, MAKEDEV jail doesn't create any of
those.

Joerg

