Possible security issue with jails
Poul-Henning Kamp
phk at phk.freebsd.dk
Tue Jan 11 14:06:15 PST 2005
In message <20050111221055.GD68350 at micah.tamu.edu>, Micah writes:
>Howdy!
>
>I'm not sure if this is actually an issue, feature or a bug, but I have found
>that inside a jail, the jailed root user is able to sniff traffic (and enable
>promiscuous mode) on at least the interface of the IP address the jail is attached
>to.
Only if you leave bpf devices in the devfs mounted on the jail.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list