Message-ID: <40ADF696.1020800@corrupt.co.nz>
Date: Sat, 22 May 2004 00:31:18 +1200
From: Drew Broadley
To: Pawel Jakub Dawidek
cc: Josef Karthauser
cc: freebsd-current@freebsd.org
Subject: Re: Call for a hacker.... security.bsd.see_other_uids in jails only
In-Reply-To: <20040521080218.GY845@darkness.comp.waw.pl>

Pawel Jakub Dawidek wrote:

>On Thu, May 20, 2004 at 11:01:45PM +0100, Josef Karthauser wrote:
>+> I was wondering whether someone might help me out.
>+>
>+> There's a couple of sysctls in -current:
>+>
>+> security.bsd.see_other_uids: 1
>+> security.bsd.see_other_gids: 1
>+>
>+> These effectively allow one to prevent users from spying on each
>+> other.
>+>
>+> What I need to do is to disable these within jails, but not in the
>+> host environment. The reason I need this is that I'm running the
>+> FreeBSD election on a box of mine, but I don't want to have to clear
>+> these globally.
>+>
>+> Would someone have the time to hack me a patch to do this? It doesn't
>+> have to be clean, although eventually I'd like to see something like
>+> this committed to freebsd operating on a sysctl.
>
>Implementation probably wouldn't be too hard, but I can't agree it should
>be committed. We need to know where jail's virtualization ends and I think
>it is too far. Of course it will be cool to have those sysctl on per-jail
>basis, as well as others from security.bsd. tree
>(like security.bsd.suser_enabled), but I'm not sure this is the right way
>to go.
>
>Any other opinions? If someone convinces me we should do it, I can do it.
>
>

Surely this person's requirements are far and beyond what chroot (jail)
has to offer. If they want the ability to change sysctl values per jail,
why not just set up virtual machines per user? Surely this would give
him the flexibility he needs and the pure security of users not seeing
other users' jails?

That's my two cents, and it saves a lot of unnecessary hard work.

- Drew