unprivileged users are able to kill certain jailed processes
Björn König
bkoenig at cs.tu-berlin.de
Sun Feb 5 06:08:56 PST 2006
Hello,
unprivileged users of the host environment can see jailed processes with
the same user ID. Furthermore they are able to send signals to these
processes. I think since users are not allowed to imprison processes
there is no reason why they should see them or even kill them.
Someone pointed me to this issue and I want to know what you think about
this.
These are some steps to reproduce:
root at host # jail -Uuserxy / localhost 127.0.0.1 /bin/sleep 12345&
root at host # ps a | grep sleep
2255 p2 IJ 0:00,01 /bin/sleep 12345
login as 'userxy'
userxy at host $ ps a | grep sleep
2255 p2 IJ 0:00,01 /bin/sleep 12345
userxy at host $ ps a | grep sleep
[nothing]
This is a suggestion to eliminate this behaviour. I appreciate further
testing because I hadn't much time to do it.
=== patch starts here ===
--- src/sys/kern/kern_jail.c.orig Wed Sep 28 02:30:56 2005
+++ src/sys/kern/kern_jail.c Sun Feb 5 14:42:00 2006
@@ -405,6 +405,9 @@
return (ESRCH);
if (cred2->cr_prison != cred1->cr_prison)
return (ESRCH);
+ } else {
+ if (jailed(cred2) && suser_cred(cred1, 0))
+ return (ESRCH);
}
return (0);
=== patch ends here ===
Regards
Björn
More information about the freebsd-current
mailing list