Date: Sun, 14 Oct 2018 05:56:00 +0000 From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 211580] deny system message buffer access from jails Message-ID: <bug-211580-29815-tzsBYihHXG@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-211580-29815@https.bugs.freebsd.org/bugzilla/> References: <bug-211580-29815@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580 Jamie Gritton <jamie@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #173424|0 |1 is obsolete| | --- Comment #16 from Jamie Gritton <jamie@FreeBSD.org> --- Created attachment 198114 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D198114&action= =3Dedit Current revision of allow.read_msgbuf patch I've updated Bjoern's patch for recent changes to allow.* handling, and gav= e it a mention in jail(8). As I mentioned, I'm still concerned about this permission bit beingoff by default. I think I might have misinterpreted Joe's focus (he may have been referring to security.bsd.unprivileged_read_msgbufandnot allow.read_msgbuf), but my comment remains: do we want to change the default behavior, or just allow it to be changed for those who care? A point in favor of changing the default is this is something of a security issue, so a reasonable default is to tend toward the more secure - plus, th= at's more of a reason to include it in 12. Hmm ... yeah, I can see either side= .=20 So which wins? --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211580-29815-tzsBYihHXG>