Date: Thu, 24 Aug 2000 10:00:36 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: Brian Fundakowski Feldman <green@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_resource.c Message-ID: <Pine.NEB.3.96L.1000824095738.31688B-100000@fledge.watson.org> In-Reply-To: <Pine.NEB.3.96L.1000824094015.31571C-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 24 Aug 2000, Robert Watson wrote: > On Thu, 24 Aug 2000, Brian Fundakowski Feldman wrote: > > misinterpretted in saying that the out-of-jail check has been removed, as > the later suser_xxx() call happens after a PRISON_CHECK(), and the old > code did not have the PRISON_CHECK() call (just my patches to it, hence my > thinking it had now become broken :-). Dammit, never read patches right after you get up. As you note in the recent commit comment, the PRISON_ROOT must be removed from suser(), or it allows jail'd processes to do nasty scheduling things. There are actually two types of privilege being checked for here: 1) Can the process influence the scheduling of the target pid regardless of credentials on either process (ok within jail) 2) Can the process violate system policy for safe scheduling of user processes (not ok within jail) The first check, currently in p_trespass(), but perhaps to be pulled out, has to do with issue 1. The suser() you just fixed (at my request) has to do with issue 2. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000824095738.31688B-100000>