[Avcheck] Installing Kaspersky's AVP, AVCheck for FreeBSD4.x

Michael Tokarev mjt@tls.msk.ru
Tue, 20 Nov 2001 04:50:48 +0300


Len Conrad wrote:
> 
[]
> (I'm not sure how or why the console device was created on one
> fbsd+kasp+avcheck machine I set up, but it was certainly in dev along with
> null.  That machine worked, while the 2nd machine w/o dev/console had
> "da" SCSI block alignment errors, as if some device was writing on the SCSI
> device rather than something else)

Do you still have that machine with bad behaviour?  It is interesting
to see what files it has opened (using e.g. lsof or maybe even strace).
I thought about yet another device file that *may* be needed too --
this is /dev/zero.  At least on Solaris, dynamic linker uses /dev/zero
to mmap dynamic libraries to an anonymous space (or was that malloc?).
In any case, if your chroot jail had no disk/partition devices, there
should be absolutely no way to access them from there by a non-root
program.  And if they were accessed, then it is a *serious* bug in a
kernel.  This is *non-root* userspace.

> Is this the right command to create null?
> 
> mknod avp/dev/null c 13 2
> 
> I see this on the system /dev for permissions:
> 
> # ls -al /dev/null
> crw-rw-rw-  1 root  wheel    2,   2 Nov 19 08:39 /dev/null

Just compare your two /dev/nulls with each other. -- Oh, Oh, Oh ma!
Where did "13 2" come from?!?!?  This is from my message sent
Sun, 11 Nov 2001 23:28:58 +0300 (Re: real virus test?):

> $ ls -l /dev/null
>  crw-rw-rw-    1 root     root       1,   3 окт 24  2000 /dev/null
> ^^^                                 ^^^  ^^^ 
>
> (1,3 will be different on FreeBSD).  First `c' is a device type,
> character device in this case.  1 is major, 3 is minor.  So:
>
>  mknod /var/spool/avp/dev/null c 1 3

Given your `ls -al' output above, you should create a device
with major=2 and minor=2, as

  mknod dev/null c 2 2

A question.  To (Free)BSD folks.  Are the device numbers consistent
from system to system?  Or are they assigned dynamically (like devfs)?

It seems it is safer and in fact more useful to have dev/null a FILE,
not a DEVICE (as I said several times -- create it as a PLAIN FILE).
The same is about dev/console.

Now, looking at how you created your dev/null, I suspect it is again
not what we want.  Try

 ls -al /dev | fgrep ' 13,' | fgrep ' 2 '

to find what real device you created instead of dev/null.

Folks, how to set up a chroot jail on (Free)BSD properly?  And why is
it only Len who actually has trouble with this?  How was this done
by others?

And this is yet another reason to actually NOT use chroot jail at
all -- it may be *far* worse than not using it -- if not set up
properly... :(

Regards,
 Michael
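The check Michael describes (compare the jail's dev/null with the host's /dev/null, and if the numbers differ, find out which real device the jail node actually names) can be scripted. The following is an added example, not code from the original message or from AVCheck; it parses the same `ls -l` output quoted in the thread, generalises the `fgrep ' 13,' | fgrep ' 2 '` lookup to any major/minor pair, and reports a plain-file dev/null as "file" rather than as a device. The jail path /var/spool/avp is taken from the thread; the function names and everything else are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original message or of AVCheck: check that a
# chroot jail's dev/null matches the host /dev/null, and look up which host
# device a given "major, minor" pair really names, by parsing the same
# `ls -l` output the thread quotes.  The jail path /var/spool/avp is taken
# from the thread; everything else here is an assumption.

# devnums PATH: print "MAJOR MINOR" for a character or block device node,
# "file" for anything else that exists, "missing" if PATH does not exist.
devnums() {
    [ -e "$1" ] || { echo missing; return 1; }
    # Typical line: "crw-rw-rw-  1 root  wheel    2,   2 Nov 19 08:39 /dev/null"
    set -- $(ls -ld "$1")
    case "$1" in
        [cb]*) echo "${5%,} $6" ;;      # strip the comma after the major
        *)     echo file ;;
    esac
}

# whichdev MAJOR MINOR: print the names of all host /dev entries with that
# pair, i.e. the general form of `ls -al /dev | fgrep ' 13,' | fgrep ' 2 '`.
whichdev() {
    ls -l /dev | awk -v M="$1," -v m="$2" \
        '/^[cb]/ && $5 == M && $6 == m { print $NF }'
}

# check_jail_null JAIL: succeed only when JAIL/dev/null is a device node with
# the same major/minor as the host /dev/null; otherwise say what it really is.
check_jail_null() {
    host=$(devnums /dev/null)
    jail=$(devnums "$1/dev/null")
    if [ "$jail" = "$host" ]; then
        echo "ok: $1/dev/null is device $host, same as /dev/null"
        return 0
    fi
    echo "MISMATCH: /dev/null is ($host) but $1/dev/null is ($jail)"
    case "$jail" in
        [0-9]*) echo "that pair belongs to: $(whichdev $jail)" ;;
    esac
    return 1
}

# Usage: sh checknull.sh /var/spool/avp
if [ -n "${1:-}" ]; then
    check_jail_null "$1"
fi
```

Run it against the jail root; a non-zero exit means the jail's dev/null is either a plain file or a node with a different major/minor, and in the latter case the script prints the host /dev entries that carry those numbers, which is exactly how a wrong `mknod` argument shows up as some unrelated device.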