kern/95925: security.jail.jailed should be more secure

Cheng-Lung Sung clsung at FreeBSD.org
Mon Apr 17 15:10:18 UTC 2006


>Number:         95925
>Category:       kern
>Synopsis:       security.jail.jailed should be more secure
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 17 15:10:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Cheng-Lung Sung
>Release:        FreeBSD 6.1-PRERELEASE i386
>Organization:
FreeBSD @ Taiwan
>Environment:
System: FreeBSD FreeBSD.csie.nctu.edu.tw 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #7: Thu Apr 13 03:20:20 CST 2006 root at FreeBSD.csie.nctu.edu.tw:/home/usr.obj/usr/src/sys/FREEBSD i386

>Description:
	security.jail.jailed can be too easily shown from in jail,
	since it gives *someone* changes to know if he is in jail or not.
	I think better only show jailed when the administrator decide
	to insecure his machines (i.e. securelevel <=0)
>How-To-Repeat:
	sysctl -a | grep security.jail.jailed
>Fix:

--- sys/kern/kern_jail.c.orig	Mon Apr 17 22:53:48 2006
+++ sys/kern/kern_jail.c	Mon Apr 17 22:54:03 2006
@@ -580,5 +580,6 @@
 
 	return (error);
 }
-SYSCTL_PROC(_security_jail, OID_AUTO, jailed, CTLTYPE_INT | CTLFLAG_RD,
+SYSCTL_PROC(_security_jail, OID_AUTO, jailed,
+	CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_SECURE,
     NULL, 0, sysctl_jail_jailed, "I", "Process in jail?");

>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list