|
| From: | Olivier Sessink |
| Subject: | Re: [Jailkit-users] Jailkit and Gnu Screen, possible safely? |
| Date: | Wed, 06 Apr 2011 23:04:44 +0200 |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8 |
On 04/01/2011 02:26 PM, Ngo Chen wrote:
Hello, I would like to know if it is possible to use screen with jailkit without security issues? I found this mailing list message: http://lists.nongnu.org/archive/html/jailkit-users/2007-11/msg00006.html which states that the only way to give screen a terminal to use is to do a dangerous mount: mount -t devpts devpts /home/jail/dev/pts/ doesn't jailkit really offer any safe way to get around this? I think a shelljail should be able to provide all the necessary services without having to go around the jail environment itself in this crude and unsecure way.
that mount is not dangerous at all if you compare it to a system without a jail. That mount inside a jail may be a tiny little bit less secure than a jail without that mount. So this is not a security issue. This is only a security issue if you are totally paranoid about the process that will run inside the jail. In which case you probably shouldn't run that program at all.
Olivier -- Bluefish website http://bluefish.openoffice.nl/ Blog http://oli4444.wordpress.com/
| [Prev in Thread] | Current Thread | [Next in Thread] |