Hi,
Reference:
> From:		Dag-Erling Smørgrav <des@des.no>
> Date:		Fri, 19 Jul 2013 08:34:45 +0200

Dag-Erling Smørgrav wrote:
> "Julian H. Stacey" <jhs@berklix.com> writes:
> > A ssh to a jail followed by Who, if it shows just pts/0, shows
> > no one else is logged in { within jail And Also Outer Prison
> > [And presumably also other parallel jails] }.
>
> Not really, it just shows that pts/0 was available.  Like file
> descriptors, pseudo-ttys are allocated on a first-unused basis.  There
> could be twenty people logged in; if the first logs out, the
> twenty-first gets pts/0.

Thanks DES,
Yes, I suppose so, on busy hardware.  It was more obvious what was
going on with my prison & jail as that was lightly logged in.

If FreeBSD wanted to obscure the information, I suppose one could
do a kernel tweak to do pty allocation from a cyclic buffer, (like
PID IDs) rather than searching sequentially from 0 each time, but
I guess there's more interesting things to do than that.

> Also, please read the warning at the start of the jail chapter in the
> FreeBSD handbook.

Wow !  Light dawns brightly !

> I should probably update it to note that there are
> many ways in which information can leak between jails and the host.

If so do, maybe add
	http://lists.freebsd.org/mailman/listinfo/freebsd-jail
next to
	http://lists.freebsd.org/mailman/listinfo/freebsd-questions
If you think appropriate.  Thanks.

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text.  No quoted-printable, HTML, base64, multipart/alternative.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"