[Bug 211580] deny system message buffer access from jails

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Bug 211580] deny system message buffer access from jails

bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580

--- Comment #22 from [hidden email] ---
A commit references this bug:

Author: jamie
Date: Sat Oct 20 16:20:37 UTC 2018
New revision: 339446
URL: https://svnweb.freebsd.org/changeset/base/339446

Log:
  MFC r339409, r339420:

    Add a new jail permission, allow.read_msgbuf.  When true, jailed processes
    can see the dmesg buffer (this is the current behavior).  When false (the
    new default), dmesg will be unavailable to jailed users, whether root or
    not.

    The security.bsd.unprivileged_read_msgbuf sysctl still works as before,
    controlling system-wide whether non-root users can see the buffer.

  PR:           211580
  Submitted by: bz

Changes:
_U  stable/11/
  stable/11/sys/kern/kern_jail.c
  stable/11/sys/kern/kern_priv.c
  stable/11/sys/kern/subr_prf.c
  stable/11/sys/sys/jail.h
  stable/11/usr.sbin/jail/jail.8

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"