Jail devfs unhiding tty* Security issues?

kpedersen

#1
Hi all,

When attempting to use ssh from within a Jail using jexec, because there is no pseudo tty device by default, it fails.
The following commands can be used to enable the tty devices within the Jail's devfs.

Code:
# devfs -m /path/to/jail rule path 'tty*' unhide
# devfs -m /path/to/jail rule applyset
Now SSH works, but can anyone think of any security issues with doing this? If I were adding /dev/da0* or filesystem devices, I could certainly see an issue, in that the Jail restrictions can be bypassed by using the raw devices. However, what is the worst that a malicious user could do with the /dev/tty* devices?

Thanks!
 

Snurg

#2
Don't know whether this is possible, but maybe it would be helpful if there could be assigned particular tty# and jail, so that one would not need to open up all ttys.
 
kpedersen

#3
Ah right, I assumed that using jexec at all was the issue but turns out using jexec via ssh is fine too. This is generally the rule:

1) host -> ssh -> jail -> ssh [works]
2) host -> ssh -> host -> jexec -> jail -> ssh [works]
3) host -> jexec -> jail -> ssh [fails]

It seems that jexec detects SSH and forwards something. It is only the host directly using jexec that causes an issue with later ssh attempts.
Number 2 is what I use because I have an account jail@myserver.com and some in-house software I am working on that allows me to add, remove and attach jails.
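
Added example, not part of any post in this thread: a small sh sketch for previewing what a devfs path glob such as the `tty*` rule from post #1 would match, next to narrower patterns of the kind post #2 asks about. The node names are a constructed sample, and shell `case` matching is used here as a stand-in for devfs's own glob matching.

```sh
#!/bin/sh
# Added example: preview which /dev nodes a devfs "path" glob would match.

# Constructed sample of node names relative to /dev (not taken from the thread).
sample_nodes() {
    cat <<'EOF'
console
null
ttyv0
ttyv1
ttyu0
ttyu0.init
ttyu0.lock
cuau0
pts/0
pts/1
ptmx
da0
da0p1
EOF
}

# exposed_by PATTERN
# Reads node names on stdin (one per line) and prints, space-separated, the
# ones PATTERN matches. Shell case-matching stands in for devfs's glob here.
exposed_by() {
    out=''
    while IFS= read -r node; do
        case "$node" in
            $1) out="${out:+$out }$node" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Compare the broad rule from the first post with narrower candidates.
for pat in 'tty*' 'ttyv*' 'pts/*'; do
    printf '%-6s -> %s\n' "$pat" "$(sample_nodes | exposed_by "$pat")"
done
```

On a real host, a listing of `/dev` can be piped into `exposed_by` in place of the sample to review a rule before applying it.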
 