Date:      Sat, 7 Sep 2013 11:03:13 +0400
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Jamie Gritton <jamie@FreeBSD.org>
Cc:        svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject:   Re: svn commit: r255316 - head/sys/kern
Message-ID:  <20130907070313.GO4574@FreeBSD.org>
In-Reply-To: <522A25FA.5060008@FreeBSD.org>
References:  <201309061732.r86HWTha054904@svn.freebsd.org> <20130906181826.GL4574@FreeBSD.org> <522A25FA.5060008@FreeBSD.org>

  Jamie,

On Fri, Sep 06, 2013 at 12:59:06PM -0600, Jamie Gritton wrote:
J> > J> +
J> > J> +		/*
J> > J> +		 * As in the non-jail case, non-root users are expected to be
J> > J> +		 * able to read kernel/phyiscal memory (provided /dev/[k]mem
J> > J> +		 * exists in the jail and they have permission to access it).
J> > J> +		 */
J> > J> +	case PRIV_KMEM_READ:
J> > J>  		return (0);
J> > J>  
J> > J>  		/*
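Review bot: the added `case PRIV_KMEM_READ:` shares the unconditional `return (0)` below it, so inside a jail the only remaining guard on reading kernel/physical memory is the condition the comment mentions in parentheses: whether /dev/[k]mem exists in the jail and what its file permissions are. The comment should state that dependency as a requirement on how the jail is set up, not as an aside, so that a reader of this case sees that granting the privilege here is safe only when those device nodes are absent or restricted. Separately, "phyiscal" in the comment should read "physical".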
J> > 
J> > Was that discussed anywhere or reviewed by anyone?
J> 
J> Yes, it was brought up by jase@ in src-committers last week, noting that
J> my original PRIV_KMEM_* commit (r252841) broke existing jail behavior.
J> The entire "discussion" was the mention of the problem and my mention of
J> what it would take to fix it. There was no code review as such, but that
J> seemed appropriate for an obvious one-liner.

I'm sorry then.

Does that mean that we have always had the ability for a jail-root to
investigate kernel memory?

-- 
Totus tuus, Glebius.


