kern/85205: Minor information leak in jails - a user can view the
host's ARP table
bra at fsn.hu
Mon Aug 22 08:30:19 GMT 2005
>Synopsis: Minor information leak in jails - a user can view the host's ARP table
>Arrival-Date: Mon Aug 22 08:30:17 GMT 2005
>Originator: Attila Nagy
>Release: FreeBSD 5.4
FreeBSD clytaemnestra 5.4-STABLE FreeBSD 5.4-STABLE #3: Thu Aug 11 13:00:47 CEST 2005 root at clytaemnestra:/usr/obj/usr/src/sys/CLYTAEMNESTRA i386
A user can view the host's ARP table with -for example- arp -an in a jail. This can reveal some IP (and MAC) addresses on the local networks and the frequency of the communication (ARP timeouts). This can be undesirable in some situations.
Jail a user and issue arp -an.
It would be very good to have an option, similar to security.bsd.unprivileged_read_msgbuf to disable this kind of behaviour.
More information about the freebsd-bugs