New in-kernel privilege API: priv(9)
Alexander at Leidinger.net
Tue Oct 31 19:33:22 UTC 2006
Quoting Robert Watson <rwatson at FreeBSD.org> (Tue, 31 Oct 2006 09:43:45 +0000 (GMT)):
> (2) Sweep of the remaining kernel files, cleaning up privilege checks,
> replacing suser()/suser_cred() calls, etc, across the kernel.
What about denying access to the dmesg in a jail? I noticed in the run
of the periodic scripts in jails that I can see the segfaults of
programs in other jails (stock -current, but I haven't seen such a
privilege in your list of allowed privileges for a jail). A quick test
revealed that I'm able to see the complete dmesg.
From an user point of view I don't want to get confused by broken stuff
in a jail of someone else (shared hosting) and I don't want to let
other people know what programs I run (in case they are failing).
"I suppose the secret to happiness is learning to appreciate the moment."
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
More information about the freebsd-arch