[Bug 259582] hw.snd.default_unit can be modified by any user including those in a jail

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 02 Nov 2021 01:46:07 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259582

Konstantin Belousov <kib@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|unspecified                 |CURRENT
              Group|freebsd_committer           |
           Assignee|secteam@FreeBSD.org         |bugs@FreeBSD.org
            Product|Security                    |Base System
          Component|Base                        |misc

--- Comment #5 from Konstantin Belousov <kib@FreeBSD.org> ---
You would need a reverse of CTLFLAG_PRISON to get the requested functionality.
Or something like ANYBODY_PRISON0.

But perhaps the best route is to remove this sysctl at all, and update mixer
functionality to allow to specify the desired default output.  This would make
it honor all normal 'security' checks.

-- 
You are receiving this mail because:
You are the assignee for the bug.