Date: Sun, 15 Feb 2004 17:24:55 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_jail.c
Message-ID: <20040215162455.GZ14639@garage.freebsd.pl>
In-Reply-To: <200402141919.i1EJJmKY089610@repoman.freebsd.org>
References: <200402141919.i1EJJmKY089610@repoman.freebsd.org>

On Sat, Feb 14, 2004 at 11:19:48AM -0800, Robert Watson wrote:
+> Commiter: Robert Watson <rwatson@FreeBSD.org>
+> Branch: HEAD
+>
+> Files:
+> 1.38 src/sys/kern/kern_jail.c
+>
+> Log:
+> By default, don't allow processes in a jail to list the set of
+> jails in the system. Previous behavior (allowed) may be restored
+> by setting security.jail.list_allowed=1.

Are you planning to leave this sysctl? IMHO the previous behaviour was just bad, this was a bug, and restoring this behaviour shouldn't be permitted. But if this sysctl is just a temporary solution and will be removed in the future, it is ok (but maybe BURN_BRIDGES should be added?).

PS. This functionality is quite fresh, I'm not sure if someone started to depend on it...

--
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd@FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!