Closing information leaks in jails?
Benjamin Lutz
benlutz at datacomm.ch
Thu Aug 18 15:18:36 GMT 2005
Attila Nagy wrote:
> Hello,
>
> I'm wondering about closing some information leaks in FreeBSD jails from
> the "outside world".
>
> Not that critical (depends on the application), but a simple user, with
> restricted devfs in the jail (devfsrules_jail for example from
> /etc/defaults/devfs.rules) can figure out the following:
[...]
> - full dmesg output after boot and the kernel buffer when it overflows
> (can contain sensitive information)
If it's sensitive in so far as it endangers the privacy of local
non-jailed users, I think that's a bug that'd need fixing.
> - information about geom providers (at least geom mirror list works)
> - the list of the loaded kernel modules via kldstat
> - some interesting information about the network related stuff via netstat
> - information about configured swap space via swapinfo
> - NFS related statistics via nfsstat
> - a lot of interesting stuff via sysctl
I'm not sure why hiding the mentioned information is bad. It only
contains machine-specific data, and at best the private information a
jailed user will be able to figure out is the machine's usage patterns
(yes, crypto folks don't like that, but c'mon...). Hiding that data
isn't real security.
Besides, the user can only gain the data if he can execute the binaries
that provide it. Why not remove, say, the geom programs (and at the same
time make it impossible to execute new programs? Eg only make the
home/tmp dirs writeable, but put those on a noexec partition). That
should make it hard enough to access geom data.
Cheers
Benjamin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20050818/98e7bf87/signature.bin
More information about the freebsd-security
mailing list