[Bug 211580] deny system message buffer access from jails


--- Comment #19 from Jamie Gritton <[hidden email]> ---
(In reply to Joe Barbish from comment #18)

1. The "sysctl" command: the sysctl MIB that the command is an interface to
contains a wide variety of things, many of which jails have no need to see, and
some of which (e.g. kern.hostname) are considered essential for normal
operation, and doubtless some in between.  Many of the jail permission bits are
already tied to specific parts of the MIB, but it doesn't make any sense to
wholesale turn off the ability to retrieve data via sysctl.  It might make
sense to have some kind of jail-readable flag for sysctls, similar to the
jail-writable flag that already exists (CTLFLAG_PRISON), but there are many
per-value judgement calls to make there.

2. The "kenv" command and associated system call: none of this information
looks particularly useful to jails, but neither does it look particularly
dangerous.  At first glance, that's a similar situation to dmesg, but the
problem with the latter is there's no regulation on the kind of information
that might end up in the dmesg buffer.  The kernel environment from kenv isn't
so open-ended, and seems to be almost entirely boot/device options.  We may
want to hide those, and I doubt that showing them serves anyone any purpose,
but I'm not particularly worried about the security implications.
