Date: Thu, 21 May 2015 23:16:22 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 200361] net.inet.tcp.hostcache.list is jail information leak Message-ID: <bug-200361-8-gpydRAHm1A@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-200361-8@https.bugs.freebsd.org/bugzilla/> References: <bug-200361-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200361 Bjoern A. Zeeb <bz@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Open |In Progress --- Comment #1 from Bjoern A. Zeeb <bz@FreeBSD.org> --- Not even compile tested but if someone could make sure it does the right thing, that would be great: (1) base system should always continue to work as-is. (2) a classic jail should get an "operation not permitted" back on attempting to read. (3) for VIMAGE kernels, base system see (1), classic jail see (2), and a vnet jail should not change either. Index: tcp_hostcache.c =================================================================== --- tcp_hostcache.c (revision 283272) +++ tcp_hostcache.c (working copy) @@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/systm.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/lock.h> #include <sys/mutex.h> @@ -608,6 +609,9 @@ sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS) char ip6buf[INET6_ADDRSTRLEN]; #endif + if (jailed_without_vnet(curthread->td_cred) != 0) + return (EPERM); + sbuf_new(&sb, NULL, linesize * (V_tcp_hostcache.cache_count + 1), SBUF_INCLUDENUL); -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-200361-8-gpydRAHm1A>