From owner-freebsd-bugs@freebsd.org Thu Mar 17 11:32:22 2016 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0DFF0AD4438 for ; Thu, 17 Mar 2016 11:32:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DA84B908 for ; Thu, 17 Mar 2016 11:32:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u2HBWLIU011242 for ; Thu, 17 Mar 2016 11:32:21 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 208082] SHM objects cannot be isolated in jails Date: Thu, 17 Mar 2016 11:32:22 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: freebsd.bugs@whitewinterwolf.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2016 11:32:22 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D208082 Bug ID: 208082 Summary: SHM objects cannot be isolated in jails Product: Base System Version: 10.1-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: freebsd.bugs@whitewinterwolf.com Since FreeBSD 7.0, the SHM objects path are now uncorrelated from the physical file system to become just abstract objects. Probably due to this, the jail system do not provide any form of filtering anymore regarding shared memory created using this function. Therefore: - Anyone can create unauthorized communication channels between jails, - Users with enough privileges in any jail can access and modify any SHM objects system-wide, ie. shared memory objects created in any other jail and in the host system. This issue might be related to bug #48471 "private IPC for every jail", however it doesn't seem as a duplicate to me since IPCs still benefit from a minimum amount of control using some `sysctl' values, while there is currently no way to limit in any way shm_open() based memory objects sharing. Moreover, the fact that SHM objects are path-based may offer different, possibly easier to implement solutions in jail context (I have seen several claims that SHM objects created in jails were indeed handled differently than ones created in host, but I've found evidence of this). This issue has been discussed: - On the FreeBSD forum (with some sample code allowing to establish a communication channel between two jails): https://forums.freebsd.org/threads/55468/ - In the FreeBSD jail mailing list: https://lists.freebsd.org/pipermail/freebsd-jail/2016-March/003004.html --=20 You are receiving this mail because: You are the assignee for the bug.=