[Bug 200361] net.inet.tcp.hostcache.list is jail information leak

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200361

Bjoern A. Zeeb <bz at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Open                        |In Progress

--- Comment #1 from Bjoern A. Zeeb <bz at FreeBSD.org> ---
Not even compile tested but if someone could make sure it does the right thing,
that would be great:

(1) base system should always continue to work as-is.
(2) a classic jail should get an "operation not permitted" back on attempting
to read.
(3) for VIMAGE kernels, base system see (1), classic jail see (2), and a vnet
jail should not change either.

Index: tcp_hostcache.c
===================================================================
--- tcp_hostcache.c     (revision 283272)
+++ tcp_hostcache.c     (working copy)
@@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$");

 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
@@ -608,6 +609,9 @@ sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS)
        char ip6buf[INET6_ADDRSTRLEN];
 #endif

+       if (jailed_without_vnet(curthread->td_cred) != 0)
+               return (EPERM);
+
        sbuf_new(&sb, NULL, linesize * (V_tcp_hostcache.cache_count + 1),
                SBUF_INCLUDENUL);

-- 
You are receiving this mail because:
You are the assignee for the bug.