Re: unprivileged users are able to kill certain jailed processes

From: Andre Oppermann <andre_at_freebsd.org>
Date: Mon, 06 Feb 2006 14:04:11 +0100
Björn König wrote:
> Hello,
> 
> unprivileged users of the host environment can see jailed processes with 
> the same user ID. Furthermore they are able to send signals to these 
> processes. I think since users are not allowed to imprison processes 
> there is no reason why they should see them or even kill them.

 From the hosts point of view a jail is like a user and all processes in
that jail are of that user.  If you have normal users on the host and
have jails under the same user id then, yea, tough luck.  You're not
supposed to do that.  The purpose of jail is to protect the host from
what is running in the jail, not the other way around.

-- 
Andre
Received on Mon Feb 06 2006 - 12:04:12 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:52 UTC