From owner-freebsd-jail@freebsd.org  Mon Aug  8 06:29:57 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E9DDFBB1BEA
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Mon,  8 Aug 2016 06:29:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D9AFE1FDC
 for <freebsd-jail@FreeBSD.org>; Mon,  8 Aug 2016 06:29:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u786TvRc057898
 for <freebsd-jail@FreeBSD.org>; Mon, 8 Aug 2016 06:29:57 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Mon, 08 Aug 2016 06:29:57 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-211580-9824-hKXcvIwJT2@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 06:29:58 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-jail@freebsd.org  Mon Aug  8 10:09:32 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 890E5BB290D
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Mon,  8 Aug 2016 10:09:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7887C1959
 for <freebsd-jail@FreeBSD.org>; Mon,  8 Aug 2016 10:09:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u78A9WL3065777
 for <freebsd-jail@FreeBSD.org>; Mon, 8 Aug 2016 10:09:32 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Mon, 08 Aug 2016 10:09:32 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: 000.fbsd@quip.cz
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-211580-9824-qSochmGUGK@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 10:09:32 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

Miroslav Lachman <000.fbsd@quip.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |000.fbsd@quip.cz

--- Comment #1 from Miroslav Lachman <000.fbsd@quip.cz> ---
Are you aware of security.bsd.unprivileged_read_msgbuf=3D0 sysctl?

Do you think we need anything else / jail specific?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-jail@freebsd.org  Mon Aug  8 11:47:23 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3E193BB2FDD
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Mon,  8 Aug 2016 11:47:23 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2DE291F90
 for <freebsd-jail@FreeBSD.org>; Mon,  8 Aug 2016 11:47:23 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u78BlNw6003322
 for <freebsd-jail@FreeBSD.org>; Mon, 8 Aug 2016 11:47:23 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Mon, 08 Aug 2016 11:47:23 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: bz@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-211580-9824-Lce2ehszWM@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 11:47:23 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

--- Comment #2 from Bjoern A. Zeeb <bz@FreeBSD.org> ---
(In reply to Miroslav Lachman from comment #1)

Yes, I mean either have an option to toggle it for jails with a default of =
"not
allowed" or a global if (jailed()) sorry_no();

Should be trivial to implement and not in any critical path, so...

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-jail@freebsd.org  Mon Aug  8 12:09:32 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C21DBB2CA9
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Mon,  8 Aug 2016 12:09:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6BB5112AE
 for <freebsd-jail@FreeBSD.org>; Mon,  8 Aug 2016 12:09:32 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u78C9We4017750
 for <freebsd-jail@FreeBSD.org>; Mon, 8 Aug 2016 12:09:32 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Mon, 08 Aug 2016 12:09:32 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: 000.fbsd@quip.cz
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-211580-9824-xdTiNDLDah@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 12:09:32 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

--- Comment #3 from Miroslav Lachman <000.fbsd@quip.cz> ---
OK, I understand. I can't write a patch, but I am willing to test it :)

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-jail@freebsd.org  Mon Aug  8 13:37:19 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C315ABB0CAA
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Mon,  8 Aug 2016 13:37:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B2D531F1C
 for <freebsd-jail@FreeBSD.org>; Mon,  8 Aug 2016 13:37:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u78DbIOW087231
 for <freebsd-jail@FreeBSD.org>; Mon, 8 Aug 2016 13:37:19 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Mon, 08 Aug 2016 13:37:19 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: qjail1@a1poweruser.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-211580-9824-xje9Lg3G7o@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 13:37:19 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

Joe Barbish <qjail1@a1poweruser.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |qjail1@a1poweruser.com

--- Comment #4 from Joe Barbish <qjail1@a1poweruser.com> ---
When issuing the dmesg from within a running jail, should issue a error mes=
sage
saying "Error: Command not available from a jail."

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-jail@freebsd.org  Mon Aug  8 15:37:40 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 90F2DBB23A9
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Mon,  8 Aug 2016 15:37:40 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7371D12D8
 for <freebsd-jail@FreeBSD.org>; Mon,  8 Aug 2016 15:37:40 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u78FbdUn019450
 for <freebsd-jail@FreeBSD.org>; Mon, 8 Aug 2016 15:37:40 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Mon, 08 Aug 2016 15:37:39 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: qjail1@a1poweruser.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-211580-9824-BrNYW9ThxT@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 15:37:40 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

--- Comment #5 from Joe Barbish <qjail1@a1poweruser.com> ---
I have been thinking about this more and I remember having this discussion =
some
time a few years ago in the past. There is nothing wrong with the dmesg com=
mand
issued from within a non-vimage jail showing the in kernel message info. Th=
is
also happens with the ifconfig command when issued from within a non-vimage
jail.=20

The intent was not to give a compromised jail attacker any indication he was
not on the host, but in a jailed environment. Turning off dmesg or ifconfig
when issued from a jail would indeed be such an indication.

In a vnet/vimage this would also be true for the dmesg command.

This is not a bug, but done by design with intent.=20

This pr should be closed.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-jail@freebsd.org  Mon Aug  8 16:11:04 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F3AE4BB2EE5
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Mon,  8 Aug 2016 16:11:04 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E26D01849
 for <freebsd-jail@FreeBSD.org>; Mon,  8 Aug 2016 16:11:04 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u78GB4T8026182
 for <freebsd-jail@FreeBSD.org>; Mon, 8 Aug 2016 16:11:04 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Mon, 08 Aug 2016 16:11:04 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: 000.fbsd@quip.cz
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-211580-9824-RqQrpepykU@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 16:11:05 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

--- Comment #6 from Miroslav Lachman <000.fbsd@quip.cz> ---
(In reply to Joe Barbish from comment #5)

I don't think so. Attackers can use security.jail.jailed to show the truth.

Leaking SW / HW info from the host to jail by dmesg should be avoided (with
configurable sysctl)

We are running all jailers with security.bsd.unprivileged_read_msgbuf=3D0 f=
or
this reason.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-jail@freebsd.org  Mon Aug  8 21:44:57 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B1BBBBB3339
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Mon,  8 Aug 2016 21:44:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9A04B175B
 for <freebsd-jail@FreeBSD.org>; Mon,  8 Aug 2016 21:44:57 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u78Livat091660
 for <freebsd-jail@FreeBSD.org>; Mon, 8 Aug 2016 21:44:57 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Mon, 08 Aug 2016 21:44:57 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: bz@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.created
Message-ID: <bug-211580-9824-ssDHaeFS5L@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 21:44:57 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

--- Comment #7 from Bjoern A. Zeeb <bz@FreeBSD.org> ---
Created attachment 173424
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D173424&action=
=3Dedit
Patch to allow per-jail msgbuf access

Move the sysctl priv check from the kernel msgbuf sysctl to kern_priv.c.
This not only allows jails to overrule the global decision but also MAC
possibly.

The global sysctl to allow unpriv read stays and equally works inside jails
(but not per jail).  However jails can entirely disable access now (on by
default).


Misses a man page update for allow.read_msgbuf [with allow.noread_msgbuf as
counter-option].

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-jail@freebsd.org  Tue Aug  9 12:04:26 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0AEFDBB3A5A
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Tue,  9 Aug 2016 12:04:26 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EEF0C13B2
 for <freebsd-jail@FreeBSD.org>; Tue,  9 Aug 2016 12:04:25 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u79C4OlG020091
 for <freebsd-jail@FreeBSD.org>; Tue, 9 Aug 2016 12:04:25 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Tue, 09 Aug 2016 12:04:24 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: patch, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: keywords
Message-ID: <bug-211580-9824-uQ3qKBLIbp@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
References: <bug-211580-9824@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2016 12:04:26 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211580

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch

--=20
You are receiving this mail because:
You are the assignee for the bug.=