# Jail devfs unhiding tty* Security issues?



## kpedersen (Mar 2, 2018)

Hi all,

When attempting to use ssh from within a Jail using jexec, because there is no pseudo tty device by default, it fails.
The following commands can be used to enable the tty devices within the Jail's devfs.


```
# devfs -m /path/to/jail rule path 'tty*' unhide
# devfs -m /path/to/jail rule applyset
```

Now SSH works but can anyone think of any security issues by doing this? If I was adding /dev/da0* or filesystem devices I could certainly see issue in that the Jail restrictions can be bypassed by using the raw devices. However what is the worst that a malicious user could do with the /dev/tty* devices?

Thanks!


----------



## Snurg (Mar 3, 2018)

Don't know whether this is possible, but maybe it would be helpful if there could be assigned particular tty# and jail, so that one would not need to open up all ttys.


----------



## kpedersen (Mar 7, 2018)

Ah right, I assumed that using jexec at all was the issue but turns out using jexec via ssh is fine too. This is generally the rule:

1) host -> ssh -> jail -> ssh [works]
2) host -> ssh -> host -> jexec -> jail -> ssh [works]
3) host -> jexec -> jail -> ssh [fails]

It seems that jexec detects SSH and forwards something. It is only the host directly using jexec that causes issue with later ssh attempts.
Number 2 is what I use because I have an account jail@myserver.com and some inhouse software I am working on that allows me to add, remove and attach jails.


----------

