From owner-freebsd-security  Sun Dec  9 10:27:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from green.bikeshed.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5B17337B417; Sun,  9 Dec 2001 10:27:11 -0800 (PST)
Received: from localhost (green@localhost)
	by green.bikeshed.org (8.11.6/8.11.6) with ESMTP id fB9IRAl13742;
	Sun, 9 Dec 2001 13:27:10 -0500 (EST)
	(envelope-from green@green.bikeshed.org)
Message-Id: <200112091827.fB9IRAl13742@green.bikeshed.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: "Crist J . Clark" <cjc@FreeBSD.ORG>, alexus <ml@db.nexgen.com>,
	freebsd-security@FreeBSD.ORG
Subject: Re: identd inside of jail 
In-Reply-To: Message from Robert Watson <rwatson@FreeBSD.ORG> 
   of "Fri, 07 Dec 2001 11:52:57 EST." <Pine.NEB.3.96L.1011207115009.42818D-100000@fledge.watson.org> 
From: "Brian F. Feldman" <green@FreeBSD.ORG>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 09 Dec 2001 13:27:10 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Robert Watson <rwatson@FreeBSD.ORG> wrote:
> 
> This problem is fixed in 5.0-CURRENT as it performs two checks in udp and
> tcp getcred: first, it checks for privilege (and permits the jail to
> succeed), and second, it checks whether the connection in question is
> visible to the current jail.  I do not currently plan to merge these
> changes to -STABLE, as they rely on changes merging the pcred and ucred
> structures, which in turn depend on a lot of other changes throughout the
> kernel in 5.0-CURRENT.  As a follow-up note, the credential management
> code in 5.0-CURRENT is substantially rewritten, and the result is much
> better enforcement of process and resource visibility, both from the
> perspective of jail, and from limiting users from seeing resources created
> by other users (such as TCP connections) when dictated by policy.

For 4.X, how about a sysctl kern.security.bsd.jail_getcred_enabled or a
jail.getcred_allowed?  That would make at least some people happy, I think.

-- 
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message