From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 211580] deny system message buffer access from jails
Date: Tue, 16 Oct 2018 19:50:50 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: patch, security
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: jamie@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: jail@FreeBSD.org
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
List-Id: "Discussion about FreeBSD jail(8)"

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580

--- Comment #19 from Jamie Gritton ---

(In reply to Joe Barbish from comment #18)

1. The "sysctl" command: the sysctl MIB that the command is an interface to contains a wide variety of things, many of which jails have no need to see, and some of which (e.g. kern.hostname) are considered essential for normal operation, and doubtless some in between. Many of the jail permission bits are already tied to specific parts of the MIB, but it doesn't make any sense to wholesale turn off the ability to retrieve data via sysctl.

It might make sense to have some kind of jail-readable flag for sysctls, similar to the jail-writable flag that already exists (CTLFLAG_PRISON), but there are many per-value judgement calls to make there.

2. The "kenv" command and associated system call: none of this information looks particularly useful to jails, but neither does it look particularly dangerous. At first glance, that's a similar situation to dmesg, but the problem with the latter is there's no regulation on the kind of information that might end up in the dmesg buffer. The kernel environment from kenv isn't so open-ended, and seems to be almost entirely boot/device options. We may want to hide those, and I doubt that showing them serves anyone any purpose, but I'm not particularly worried about the security implications.

-- 
You are receiving this mail because:
You are the assignee for the bug.