[Bug 211580] deny system message buffer access from jails

bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580

--- Comment #18 from Joe Barbish <[hidden email]> ---
(In reply to Jamie Gritton from comment #16)

The whole point of this PR is about the ability for the dmesg command to exec
from within a jail. The consensus is yes it's a security leak of host
information. Now we're faced with should "allow.show.dmesg" default to being set
to "NO".  As a jail admin I would prefer additional security to automatically
happen without any effort on my part. I think this is such a minor thing that
it would go unnoticed.

In this same subject of leaked info into a jail I see 2 additional candidates.

1. The "sysctl" console command. When issued from within a jail it will show
the host value. But when you try to use sysctl to change a value you get
"Operation not permitted". This is the jail doing its job. I think an
"allow.show.sysctl" should be added with the default being not to show
anything.

2. The "kenv" console command. When issued from within a jail it will show the
host values. This is giving out info akin to what the dmesg is showing. I think
an "allow.show.kenv" should be added with the default being not to show
anything.

I see these 3 leaks as trivial items that were overlooked in jail(8)'s original
design. Now we have the opportunity to revisit the subject of console commands
that leak host info into a jail and close those leaks.

There may be other commands that behave in like manner that other people may
present here for addressing in the same manner.

[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
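The three probes the comment above describes (dmesg, a sysctl read and write, kenv), as an added example that is not part of the bug thread and not FreeBSD project code. It is meant to be run as root inside a jail and reports, per command, whether host data came back ("leak"), whether the jail refused it ("denied"), or whether the command is missing. The choice of hw.model as the read-only sysctl to sample and kern.ipc.somaxconn as the one to write back unchanged is this example's own assumption; the classification helper is plain POSIX sh and works anywhere.

```shell
#!/bin/sh
# Added example, not FreeBSD project code: probe, from inside a jail, whether
# the three commands discussed in the thread (dmesg, sysctl, kenv) hand back
# host data.  classify() is pure shell so it can be exercised with constructed
# input anywhere; the probes themselves only mean something on FreeBSD.
#
# Assumptions (not from the thread): hw.model and kern.ipc.somaxconn are used
# as an arbitrary read-only / writable sysctl pair, and kenv is run with no
# arguments so that any output at all counts as a leak.

# classify STATUS OUTPUT
# Map a command's exit status and captured stdout to one verdict:
#   absent  - command not found (shell status 127)
#   denied  - command ran but failed (e.g. "Operation not permitted")
#   leak    - command succeeded and printed something (host data visible;
#             for the write probe: the write actually went through)
#   silent  - command succeeded but printed nothing (restricted view)
classify() {
  _status=$1
  _out=$2
  if [ "$_status" -eq 127 ]; then
    echo absent
  elif [ "$_status" -ne 0 ]; then
    echo denied
  elif [ -n "$_out" ]; then
    echo leak
  else
    echo silent
  fi
}

# run_probe LABEL CMD [ARGS...]
# Run CMD, capture stdout and exit status, print "LABEL: verdict".
# The if/else form keeps a failing command from tripping "set -e".
run_probe() {
  _label=$1
  shift
  if _out=$("$@" 2>/dev/null); then
    _rc=0
  else
    _rc=$?
  fi
  printf '%-22s %s\n' "$_label:" "$(classify "$_rc" "$_out")"
}

# sysctl_rewrite OID: write back the value an OID already has.  Harmless on
# the host (nothing changes), but inside a jail root gets EPERM unless the
# kernel marks the OID as jail-writable, which is the "jail doing its job"
# case from the thread.
sysctl_rewrite() {
  _v=$(sysctl -n "$1") || return 1
  sysctl "$1=$_v"
}

probe_all() {
  # security.jail.jailed is 1 inside a jail, 0 on the host.
  printf 'jailed (security.jail.jailed): %s\n' \
    "$(sysctl -n security.jail.jailed 2>/dev/null || echo unknown)"
  run_probe 'dmesg'        dmesg
  run_probe 'sysctl read'  sysctl -n hw.model
  run_probe 'sysctl write' sysctl_rewrite kern.ipc.somaxconn
  run_probe 'kenv'         kenv
}

if [ "$(uname -s)" = FreeBSD ]; then
  probe_all
else
  echo 'not FreeBSD: run this inside a FreeBSD jail to see live verdicts' >&2
fi
```

Reading the output: "leak" on the dmesg, sysctl read and kenv lines inside a jail is exactly the exposure the comment describes, and "denied" on the sysctl write line is the jail refusing the change. The knob that jail(8) actually ships for the message buffer is allow.read_msgbuf (interacting with the security.bsd.unprivileged_read_msgbuf sysctl), not the allow.show.dmesg name proposed in the thread; with it set to 0, the dmesg line should come back "denied".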