Remove /dev/console from the jail /dev environment. It's probably not

strictly a security hole, but neither is it a very good idea. Replace it with a symlink to /dev/null to happify programs that expect it. It is suggested that users of the jail environment modify the jail's syslog.conf to not send stuff to /dev/console, but instead syslog it somewhere else. Such as a loghost, potentially even to the host environment's syslog. Approved by: jkh
2000-02-09 22:08:12 +00:00 · 2000-02-09 22:08:12 +00:00 · a4d6222e61
commit a4d6222e61
parent c8e218c397
1 changed files with 2 additions and 1 deletions
--- a/etc/MAKEDEV
+++ b/etc/MAKEDEV
@ -319,9 +319,10 @@ std)

 jail)
 	sh MAKEDEV std pty0
-	rm mem kmem pci io klog		# for security
+	rm mem kmem pci io klog console		# for security
 	ln -sf null mem			# for libkvm (ab)users
 	ln -sf null kmem		# --//--
+	ln -sf null console
 	;;

 mach-4)