[Bug 211580] deny system message buffer access from jails
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 8 16:11:05 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #6 from Miroslav Lachman <000.fbsd at quip.cz> ---
(In reply to Joe Barbish from comment #5)
I don't think so. Attackers can use security.jail.jailed to show the truth.
Leaking SW / HW info from the host to jail by dmesg should be avoided (with
configurable sysctl)
We are running all jailers with security.bsd.unprivileged_read_msgbuf=0 for
this reason.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-jail
mailing list