UNIX domain sockets on nullfs still broken?

Linda Messerschmidt linda.messerschmidt at gmail.com
Tue Dec 1 15:22:04 UTC 2009


On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras <ivoras at freebsd.org> wrote:
>> What's the sane solution, then, when the only method of communication
>> is unix domain sockets?
>
> It is a security problem. I think the long-term solution would be to add a
> sysctl analogous to security.jail.param.securelevel to handle this.

Out of curiosity, why is allowing access to a Unix domain socket in
a filesystem to which a jail has explicitly been allowed access more
or less secure than allowing access to a file or a devfs node in a
filesystem to which a jail has explicitly been allowed access?

