From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 27 Jun 2003 - 04:15:35 BST
On Thu, Jun 26, 2003 at 10:50:23PM -0400, Alejandro Mery Pellegrini wrote:
> >hmm, in what way do you believe /dev/tty would
> >or could compromise security?
> >[V] mknod /dev/tty c 5 0
> >will do nicely
/dev/tty is the current tty (nothing more,
nothing less, so no issue with that, I believe)
> I have a similar doubt, but related to pty and devfs,
> i.e. /dev/pts/n is created by devfs just when needed,
> how does it work using contexts?
using devfs would be a major security issue,
allowing any virtual root user to destroy
the physical system ... so this is a BadIdea(TM)
> mount --bind /dev/pts /vservers/this/dev/pts
> mount --bind /dev/pts /vservers/that/dev/pts
devpts, on the other hand, should cause no trouble
> mount -t devpts none /vserver/this/dev/pts
> mount -t devpts none /vserver/that/dev/pts
> some other way?
> /dev/pts/1 of 'this' will be the same /dev/pts/1 of 'that'? will be
> do I need mknod capability on those contexts to allow the daemons to
> create pts?
> any security problem?
Regarding Jacques' documentation, section 126.96.36.199 /dev/pts:
Starting with the ctx-6 patch, /dev/pts is virtualised.
Although the file numbers are allocated from a single pool,
a vserver only sees the pseudo-tty it owns.
> Alejandro Mery
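
An added example, not part of the original message or of the vserver tools: a small audit that reads /proc/mounts-format text and reports device filesystems mounted inside guests, rejecting devfs and accepting devpts on dev/pts as the reply above recommends. The guest root `/vservers`, the sample lines and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw 0 0
none /dev/pts devpts rw 0 0
none /vservers/this/dev/pts devpts rw 0 0
none /vservers/that/dev devfs rw 0 0
none /vservers/my\\040guest/dev devfs rw 0 0
none /vservers/this/proc proc rw 0 0
none /vservers/that/tmp/pts devpts rw 0 0
"""

VSERVER_ROOT = "/vservers"  # assumption: every guest root lives under this directory


def unescape(field):
    """Decode the octal escapes the kernel writes in /proc/mounts (\\040 is a space)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def audit_mounts(text, root=VSERVER_ROOT):
    """Return (guest, mountpoint, fstype, verdict) for device filesystems in guests."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # not a mount entry
        mountpoint, fstype = unescape(parts[1]), parts[2]
        if not mountpoint.startswith(root + "/"):
            continue  # host mount, outside every guest
        guest, _, inner = mountpoint[len(root) + 1:].partition("/")
        if fstype == "devfs":
            verdict = "REJECT"  # guest root would reach the host's device nodes
        elif fstype == "devpts":
            # devpts is expected only on the guest's dev/pts
            verdict = "ok" if inner == "dev/pts" else "REVIEW"
        else:
            continue  # not a device filesystem
        findings.append((guest, mountpoint, fstype, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_mounts(SAMPLE_MOUNTS):
        print("%-10s %-28s %-7s %s" % finding)
```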