svn commit: r255316 - head/sys/kern
Gleb Smirnoff
glebius at FreeBSD.org
Fri Sep 6 18:18:29 UTC 2013
On Fri, Sep 06, 2013 at 05:32:29PM +0000, Jamie Gritton wrote:
J> Author: jamie
J> Date: Fri Sep 6 17:32:29 2013
J> New Revision: 255316
J> URL: http://svnweb.freebsd.org/changeset/base/255316
J>
J> Log:
J> Keep PRIV_KMEM_READ permitted inside jails as it is on the outside.
J>
J> Modified:
J> head/sys/kern/kern_jail.c
J>
J> Modified: head/sys/kern/kern_jail.c
J> ==============================================================================
J> --- head/sys/kern/kern_jail.c Fri Sep 6 17:19:57 2013 (r255315)
J> +++ head/sys/kern/kern_jail.c Fri Sep 6 17:32:29 2013 (r255316)
J> @@ -3885,6 +3885,13 @@ prison_priv_check(struct ucred *cred, in
J> case PRIV_VFS_SETGID:
J> case PRIV_VFS_STAT:
J> case PRIV_VFS_STICKYFILE:
J> +
J> + /*
J> + * As in the non-jail case, non-root users are expected to be
J> + * able to read kernel/phyiscal memory (provided /dev/[k]mem
J> + * exists in the jail and they have permission to access it).
J> + */
J> + case PRIV_KMEM_READ:
J> return (0);
J>
J> /*
Was that discussed anywhere or reviewed by anyone?
--
Totus tuus, Glebius.
More information about the svn-src-all
mailing list