misc/68190: Jail discloses all mounts and all partition sizes
Mark Delany
sxcg2-fuwxj at qmda.emu.st
Tue Jun 22 05:10:33 GMT 2004
>Number: 68190
>Category: misc
>Synopsis: Jail discloses all mounts and all partition sizes
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 22 05:10:21 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Mark Delany
>Release: 4.10
>Organization:
>Environment:
>Description:
A jailed prisoner can see of mounts and all file systems by the mount command and the df command.
>How-To-Repeat:
Create a jail on a particular file system
>Fix:
Only display the mount and file system information for the filesystem used by the jail. Better yet, don't allow mount and perhaps have df display just the quota information for that user.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list