Jails with securelevel 3 still need retpoline?
Dewayne Geraghty
dewaynegeraghty at gmail.com
Wed Nov 20 03:06:26 UTC 2019
I want to have a secure platform, but would not like to degrade performance
(amd64 based systems)
If everything that a user touches is in a jail (sendmail, dovecot, squid,
httpd, ...), and each jail is running at secure level 3 AND there are no
/dev/mem nor /dev/kmem devices accessible within the jail, do I still need
to mitigate unauthorised access in src.conf, prior to a build, using
WITH_RETPOLINE & WITH_KERNEL_RETPOLINE?
Part of the reason for concern is when I jexec into j1,
j1# tty
/dev/pts/8
even though there is no pts node under /dev.
j1# ls /dev/
crypto fd null random stderr stdin stdout urandom zero
root is further restricted as I'm also running (most) applications with
unprivileged identities (e.g. www) where I'm leveraging
security.mac.portacl.rules.
This has been on my mind for some time, but now a decision is needed, so any
advice welcome :)
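An added audit script, not part of the original post, that puts the two groups of controls the question mixes side by side: the jail-level restrictions (kern.securelevel, the devfs ruleset that hides /dev/mem and /dev/kmem) and the kernel-wide speculative-execution mitigation state. The two are independent: securelevel and devfs limit which kernel interfaces a jailed process may call, while Spectre-class leaks read memory through CPU side channels without going through any such interface, so they are governed only by the build-time retpoline knobs named in the post and the hw.* sysctls. The sysctl snapshot and device list are constructed so the script runs offline; on a real host you would feed it `sysctl -e` output and `ls /dev` from inside the jail. Retpoline itself has no runtime OID, so the script can only tell you to verify src.conf.

```sh
#!/bin/sh
# Added example (not from the original post). Audits jail-level controls next to
# the kernel's speculative-execution mitigation sysctls.
#
# SAMPLE_SYSCTL and SAMPLE_DEV are constructed inputs so this runs offline. On a
# real host replace them with:
#   sysctl -e kern.securelevel security.jail.jailed vm.pmap.pti hw.ibrs_active hw.ibrs_disable
# and the output of "ls /dev" run inside the jail.
SAMPLE_SYSCTL='kern.securelevel=3
security.jail.jailed=1
vm.pmap.pti=1
hw.ibrs_active=0
hw.ibrs_disable=1'
SAMPLE_DEV='crypto fd null random stderr stdin stdout urandom zero'

# sysctl_val NAME SNAPSHOT: value of NAME from "name=value" lines (sysctl -e
# format); empty if the OID is not present in the snapshot.
sysctl_val() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { print $2; exit }'
}

# has_dev NAME DEVLIST: succeeds if NAME is one of the space-separated node names.
has_dev() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# jail_mitigation_status SNAPSHOT DEVLIST: prints one "check: result" line per
# control. Exit status is 1 if any check needs attention, 0 otherwise.
jail_mitigation_status() {
    snap=$1 devs=$2 bad=0

    # securelevel >= 3: raw disk writes, /dev/mem writes and kld loading blocked.
    lvl=$(sysctl_val kern.securelevel "$snap")
    if [ "${lvl:-0}" -ge 3 ]; then
        echo "securelevel: $lvl (raw disk and /dev/mem writes blocked)"
    else
        echo "securelevel: ${lvl:-unset} NEEDS ATTENTION"; bad=1
    fi

    # devfs ruleset: neither mem nor kmem should be visible inside the jail.
    if has_dev mem "$devs" || has_dev kmem "$devs"; then
        echo "devmem: exposed NEEDS ATTENTION"; bad=1
    else
        echo "devmem: absent (devfs ruleset hides mem/kmem)"
    fi

    # Meltdown: page-table isolation is a runtime-readable kernel setting.
    pti=$(sysctl_val vm.pmap.pti "$snap")
    if [ "${pti:-0}" -eq 1 ]; then
        echo "pti: enabled (Meltdown mitigation)"
    else
        echo "pti: disabled NEEDS ATTENTION"; bad=1
    fi

    # Spectre v2 in the kernel is covered by either IBRS or a retpoline build.
    # IBRS state is readable; retpoline is a src.conf setting (WITH_RETPOLINE /
    # WITH_KERNEL_RETPOLINE in the post) with no runtime OID to inspect.
    ibrs=$(sysctl_val hw.ibrs_active "$snap")
    if [ "${ibrs:-0}" -eq 1 ]; then
        echo "spectre_v2: ibrs active"
    else
        echo "spectre_v2: ibrs inactive; kernel must be a retpoline build (verify src.conf)"
        bad=1
    fi
    return $bad
}

# Report on the constructed inputs when run directly.
jail_mitigation_status "$SAMPLE_SYSCTL" "$SAMPLE_DEV" || true
```

With the constructed snapshot the securelevel and devfs checks pass but the Spectre v2 line is flagged, which is exactly the situation the question describes: the jail controls are in place, yet they say nothing about whether the kernel was built with retpoline.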