Hi all,
When attempting to use ssh from within a Jail using jexec, because there is no pseudo tty device by default, it fails.
The following commands can be used to enable the tty devices within the Jail's devfs.
Now SSH works but can anyone think of any security issues by doing this? If I was adding /dev/da0* or filesystem devices I could certainly see issue in that the Jail restrictions can be bypassed by using the raw devices. However what is the worst that a malicious user could do with the /dev/tty* devices?
Thanks!
When attempting to use ssh from within a Jail using jexec, because there is no pseudo tty device by default, it fails.
The following commands can be used to enable the tty devices within the Jail's devfs.
Code:
# devfs -m /path/to/jail rule path 'tty*' unhide
# devfs -m /path/to/jail rule applyset
Now SSH works but can anyone think of any security issues by doing this? If I was adding /dev/da0* or filesystem devices I could certainly see issue in that the Jail restrictions can be bypassed by using the raw devices. However what is the worst that a malicious user could do with the /dev/tty* devices?
Thanks!