security.bsd.see_other_uids for jails
joerg at britannica.bec.de
joerg at britannica.bec.de
Sun May 28 06:50:39 PDT 2006
On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote:
> Hi All,
>
> if security.bsd.see_other_uids is set to 0, users from the main system
> can still see processes from jails if they have (by accident) the save uid.
>
> For me it's wrong behavior because the main system and the jail are two
> different systems where uids are independent.
Sorry but you have far bigger security problems if you create such a
setup. E.g. "users" from the outer system can ptrace the processes in
the jail with the same uid.
Short answer is: don't do that.
Joerg
More information about the freebsd-hackers
mailing list