From owner-freebsd-hackers@FreeBSD.ORG  Sun May 28 13:46:43 2006
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: freebsd-hackers@freebsd.org
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F2E8916A420
	for <freebsd-hackers@freebsd.org>; Sun, 28 May 2006 13:46:42 +0000 (UTC)
	(envelope-from anatoli@aksoft.net)
Received: from 26th.net (26th.net [217.79.183.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 652CB43D55
	for <freebsd-hackers@freebsd.org>; Sun, 28 May 2006 13:46:42 +0000 (GMT)
	(envelope-from anatoli@aksoft.net)
Received: from [192.168.0.26] (td9091c4b.pool.terralink.de [217.9.28.75])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by 26th.net (Postfix) with ESMTP id 5F45320BB78
	for <freebsd-hackers@freebsd.org>;
	Sun, 28 May 2006 15:46:38 +0200 (CEST)
Message-ID: <4479A99E.8080708@aksoft.net>
Date: Sun, 28 May 2006 15:46:06 +0200
From: Anatoli Klassen <anatoli@aksoft.net>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: freebsd-hackers@freebsd.org
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: security.bsd.see_other_uids for jails
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 28 May 2006 13:46:43 -0000

Hi All,

if security.bsd.see_other_uids is set to 0, users from the main system 
can still see processes from jails if they have (by accident) the save uid.

For me it's wrong behavior because the main system and the jail are two 
different systems where uids are independent.

Could somebody explain the case?

Regards,
Anatoli