[Bug 211580] deny system message buffer access from jails

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Oct 15 22:34:14 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580

--- Comment #18 from Joe Barbish <qjail1 at a1poweruser.com> ---
(In reply to Jamie Gritton from comment #16)

The whole point of this PR is about the ability for the dmesg command to exec
from within a jail. The consensus is yes it's a security leak of host
information. Now we're faced with should "allow.show.dmesg" default to being set
to "NO".  As a Jail admin I would prefer additional security to automatically
happen without any effort on my part. I think this is such a minor thing that
it would go unnoticed.

In this same subject of leaked info into a jail I see 2 additional candidates.

1. The "sysctl" console command. When issued from within a jail it will show
the host value. But when you try to use sysctl to change a value you get
"Operation not permitted". This is the jail doing its job. I think an
"allow.show.sysctl" should be added with the default being not to show
anything.

2. The "kenv" console command. When issued from within a jail it will show the
host values. This is giving out info akin to what the dmesg is showing. I think
an "allow.show.kenv" should be added with the default being not to show
anything.

I see these 3 leaks as trivial items that were overlooked in jail(8)'s original
design. Now we have the opportunity to revisit the subject of console commands
that leak host info into a jail and close those leaks. 

There may be other commands that behave in like manner that other people may
present here for addressing in the same manner.
