kern/85205: Minor information leak in jails - a user can view the
host's ARP table
Attila Nagy
bra at fsn.hu
Mon Aug 22 08:30:19 GMT 2005
>Number: 85205
>Category: kern
>Synopsis: Minor information leak in jails - a user can view the host's ARP table
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 22 08:30:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Attila Nagy
>Release: FreeBSD 5.4
>Organization:
FSN
>Environment:
FreeBSD clytaemnestra 5.4-STABLE FreeBSD 5.4-STABLE #3: Thu Aug 11 13:00:47 CEST 2005 root at clytaemnestra:/usr/obj/usr/src/sys/CLYTAEMNESTRA i386
>Description:
A user can view the host's ARP table with -for example- arp -an in a jail. This can reveal some IP (and MAC) addresses on the local networks and the frequency of the communication (ARP timeouts). This can be undesirable in some situations.
>How-To-Repeat:
Jail a user and issue arp -an.
>Fix:
It would be very good to have an option, similar to security.bsd.unprivileged_read_msgbuf to disable this kind of behaviour.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list