Possible security issue with jails
Micah
micah at micah.ws
Tue Jan 11 16:27:02 PST 2005
This was the info I needed. Thanks!
-micah
On Tue, Jan 11, 2005 at 11:05:43PM +0100, Poul-Henning Kamp wrote:
> In message <20050111221055.GD68350 at micah.tamu.edu>, Micah writes:
> >Howdy!
> >
> >I'm not sure if this is actually an issue, feature or a bug, but I have found
> >that inside a jail, the jailed root user is able to sniff traffic (and enable
> >promiscuous mode) on at least the interface of the IP address the jail is attached
> >to.
>
> Only if you leave bpf devices in the devfs mounted on the jail.
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk at FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list