[Bug 211580] deny system message buffer access from jails
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 8 15:37:40 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #5 from Joe Barbish <qjail1 at a1poweruser.com> ---
I have been thinking about this more and I remember having this discussion some
time a few years ago in the past. There is nothing wrong with the dmesg command
issued from within a non-vimage jail showing the in kernel message info. This
also happens with the ifconfig command when issued from within a non-vimage
jail.
The intent was not to give a compromised jail attacker any indication he was
not on the host, but in a jailed environment. Turning off dmesg or ifconfig
when issued from a jail would indeed be such an indication.
In a vnet/vimage this would also be true for the dmesg command.
This is not a bug, but done by design with intent.
This pr should be closed.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-jail
mailing list