Date:      Fri, 6 Sep 2013 22:18:26 +0400
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Jamie Gritton <jamie@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r255316 - head/sys/kern
Message-ID:  <20130906181826.GL4574@FreeBSD.org>
In-Reply-To: <201309061732.r86HWTha054904@svn.freebsd.org>
References:  <201309061732.r86HWTha054904@svn.freebsd.org>

On Fri, Sep 06, 2013 at 05:32:29PM +0000, Jamie Gritton wrote:
J> Author: jamie
J> Date: Fri Sep  6 17:32:29 2013
J> New Revision: 255316
J> URL: http://svnweb.freebsd.org/changeset/base/255316
J> 
J> Log:
J>   Keep PRIV_KMEM_READ permitted inside jails as it is on the outside.
J> 
J> Modified:
J>   head/sys/kern/kern_jail.c
J> 
J> Modified: head/sys/kern/kern_jail.c
J> ==============================================================================
J> --- head/sys/kern/kern_jail.c	Fri Sep  6 17:19:57 2013	(r255315)
J> +++ head/sys/kern/kern_jail.c	Fri Sep  6 17:32:29 2013	(r255316)
J> @@ -3885,6 +3885,13 @@ prison_priv_check(struct ucred *cred, in
J>  	case PRIV_VFS_SETGID:
J>  	case PRIV_VFS_STAT:
J>  	case PRIV_VFS_STICKYFILE:
J> +
J> +		/*
J> +		 * As in the non-jail case, non-root users are expected to be
J> +		 * able to read kernel/phyiscal memory (provided /dev/[k]mem
J> +		 * exists in the jail and they have permission to access it).
J> +		 */
J> +	case PRIV_KMEM_READ:
J>  		return (0);
J>  
J>  		/*
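
Review bot: The added `case PRIV_KMEM_READ:` falls through to the unconditional `return (0)` shared with the PRIV_VFS_* cases, so prison_priv_check() now grants this privilege to every jail with no per-jail condition. By the comment's own wording, the only remaining controls are whether /dev/[k]mem exists in the jail and the permissions on that node. Consider either making this conditional on a per-jail setting, or extending the comment to state explicitly that exposure of the memory devices inside a jail is the sole gate and must be controlled by whoever configures the jail's device nodes. Two smaller points in the same hunk: the comment has a typo ("phyiscal" should be "physical"), and the commit log gives no reference to a review or discussion, which a change that relaxes a jail privilege check should carry.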

Was that discussed anywhere or reviewed by anyone?

-- 
Totus tuus, Glebius.


