kern/95925: security.jail.jailed should be more secure
Cheng-Lung Sung
clsung at FreeBSD.org
Mon Apr 17 15:10:18 UTC 2006
>Number: 95925
>Category: kern
>Synopsis: security.jail.jailed should be more secure
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 17 15:10:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Cheng-Lung Sung
>Release: FreeBSD 6.1-PRERELEASE i386
>Organization:
FreeBSD @ Taiwan
>Environment:
System: FreeBSD FreeBSD.csie.nctu.edu.tw 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #7: Thu Apr 13 03:20:20 CST 2006 root at FreeBSD.csie.nctu.edu.tw:/home/usr.obj/usr/src/sys/FREEBSD i386
>Description:
security.jail.jailed can be too easily shown from in jail,
since it gives *someone* changes to know if he is in jail or not.
I think better only show jailed when the administrator decide
to insecure his machines (i.e. securelevel <=0)
>How-To-Repeat:
sysctl -a | grep security.jail.jailed
>Fix:
--- sys/kern/kern_jail.c.orig Mon Apr 17 22:53:48 2006
+++ sys/kern/kern_jail.c Mon Apr 17 22:54:03 2006
@@ -580,5 +580,6 @@
return (error);
}
-SYSCTL_PROC(_security_jail, OID_AUTO, jailed, CTLTYPE_INT | CTLFLAG_RD,
+SYSCTL_PROC(_security_jail, OID_AUTO, jailed,
+ CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_SECURE,
NULL, 0, sysctl_jail_jailed, "I", "Process in jail?");
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list