kern/95925: security.jail.jailed should be more secure

Cheng-Lung Sung clsung at
Mon Apr 17 15:10:18 UTC 2006

>Number:         95925
>Category:       kern
>Synopsis:       security.jail.jailed should be more secure
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 17 15:10:17 GMT 2006
>Originator:     Cheng-Lung Sung
>Release:        FreeBSD 6.1-PRERELEASE i386
FreeBSD @ Taiwan
System: FreeBSD 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #7: Thu Apr 13 03:20:20 CST 2006 root at i386

	security.jail.jailed can be too easily shown from in jail,
	since it gives *someone* changes to know if he is in jail or not.
	I think better only show jailed when the administrator decide
	to insecure his machines (i.e. securelevel <=0)
	sysctl -a | grep security.jail.jailed

--- sys/kern/kern_jail.c.orig	Mon Apr 17 22:53:48 2006
+++ sys/kern/kern_jail.c	Mon Apr 17 22:54:03 2006
@@ -580,5 +580,6 @@
 	return (error);
-SYSCTL_PROC(_security_jail, OID_AUTO, jailed, CTLTYPE_INT | CTLFLAG_RD,
+SYSCTL_PROC(_security_jail, OID_AUTO, jailed,
     NULL, 0, sysctl_jail_jailed, "I", "Process in jail?");


More information about the freebsd-bugs mailing list