Re: [Vserver] Does adding tty and pty devices to a Vserver compromise security?

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Wed 17 May 2006 - 18:13:50 BST
Message-ID: <20060517171350.GC4935@MAIL.13thfloor.at>

On Sun, May 14, 2006 at 09:48:20PM -0700, EKC wrote:
> Hello,
>
> I'm running a perl script inside of a linux vserver, and the script
> requires access to tty and pty devices. However /dev/MAKEDEV and mknod
> cannot create pty devices from within a vserver. Therefore I am adding
> pty devices to a vserver by way of the host operating system:
>
> [vserver host] cp -a /dev/tty* /vservers/my_vserver/dev/
> [vserver host] cp -a /dev/pty* /vservers/my_vserver/dev/
>
> Does this compromise the security of the vserver in any way?

not of the vserver I guess, but the rest of the system
because having arbitrary tty/pty devices will allow the
guest to sniff/enter data from/into other guests and
the host system as well ...

> Is there a way to add devices from within a vserver itself?

pts/ptmx is auto created inside a guest, with proper
permissions and security (tty and pty are not required
inside a guest, unless you want to assign certain 'real'
consoles to the guest, like vt0/1/2 etc)

what you probably want is to get a perl script which
is younger than 10 years (if it still uses pty) or
to trick the script into believing that the devices
are there, by creating copies of the current tty,
if it actually doesn't use them ...

HTH,
Herbert

>
> Thanks in advance,
> EKC
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed May 17 18:14:13 2006
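
An added example, not part of the original message or of the Linux-VServer project: a host-side audit of a guest's /dev tree that flags the shared tty/pty nodes the reply warns about, while accepting /dev/tty, ptmx and pts/ entries. The major/minor numbers are the standard Linux character-device assignments; the function names and the verdict policy (including marking /dev/console as "review") are assumptions of this example.

```python
import os
import stat

# Linux character-device majors (kernel Documentation, devices.txt).
RISKY_MAJORS = {
    2: "BSD pty master (/dev/ptyXX)",
    3: "BSD pty slave (/dev/ttyXX)",
    4: "virtual console or serial line (/dev/ttyN, /dev/ttySN)",
}
UNIX98_SLAVES = range(136, 144)  # /dev/pts/N

def classify(mode, rdev):
    """Return (verdict, reason) for one inode's st_mode and st_rdev."""
    if not stat.S_ISCHR(mode):
        return ("skip", "not a character device")
    major, minor = os.major(rdev), os.minor(rdev)
    if major in RISKY_MAJORS:
        return ("risky", RISKY_MAJORS[major])
    if major == 5 and minor == 0:
        return ("ok", "/dev/tty, the opener's own controlling tty")
    if major == 5 and minor == 1:
        return ("review", "/dev/console")  # assumption: needs a human decision
    if major == 5 and minor == 2:
        return ("ok", "/dev/ptmx, Unix98 pty multiplexer")
    if major in UNIX98_SLAVES:
        return ("ok", "Unix98 pty slave under pts/")
    return ("skip", "not a tty/pty device")

def audit_dev(dev_dir):
    """Walk a guest's /dev from the host; return risky/review nodes."""
    findings = []
    for base, _dirs, files in os.walk(dev_dir):
        for name in files:
            path = os.path.join(base, name)
            st = os.lstat(path)  # lstat: do not follow guest-controlled symlinks
            verdict, reason = classify(st.st_mode, st.st_rdev)
            if verdict in ("risky", "review"):
                findings.append((path, os.major(st.st_rdev),
                                 os.minor(st.st_rdev), verdict, reason))
    return findings

if __name__ == "__main__":
    # Guest path taken from the question above; run this on the host.
    for row in audit_dev("/vservers/my_vserver/dev"):
        print(*row)
```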

Generated on Wed 17 May 2006 - 18:14:19 BST by hypermail 2.1.8