Date: Mon, 7 May 2007 12:17:10 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-stable@FreeBSD.ORG, list@manuelmartini.it
Subject: Re: gmirror security problem on jail env?
Message-ID: <200705071017.l47AHAe3013326@lurza.secnetix.de>
In-Reply-To: <182867A9-ED5E-496B-980A-B70C4E90B836@manuelmartini.it>

Manuel Martini wrote:
 > # sysctl -a | grep jail
 > [...]
 > security.jail.jailed: 1
 > # df
 > Filesystem          1K-blocks     Used     Avail Capacity  Mounted on
 > /dev/mirror/gm0s1g  129719744 17056610 102285556    14%    /
 > # gmirror status
 >       Name    Status  Components
 > mirror/gm0  COMPLETE  da0
 >
 > so I think I can do...
 > gmirror remove.. stop.. deactive...

No, you can do "status" and "list", but everything else
should result in "permission denied".

Note that you can do "gmirror status" and "gmirror list"
as normal user, even as user nobody. It doesn't require
any special privileges, so it works in jails, too.

In fact, you can get the geom status (in XML format) with
the command "sysctl -b kern.geom.confxml". Unfortunately
there is currently no easy way to suppress that information.
If you don't want jailed users to be able to see your geom
configuration, you need to modify the kernel source code.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"I started using PostgreSQL around a month ago, and the feeling is
similar to the switch from Linux to FreeBSD in '96 -- 'wow!'."
        -- Oddbjorn Steffensen
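
An added example, not part of the original message: an administrator's audit script that lists which geoms, components and providers are readable through the kern.geom.confxml sysctl mentioned above, for instance when run as an unprivileged user inside a jail. The function names are hypothetical, and the embedded XML is a constructed, simplified sample that assumes the usual mesh/class/geom/consumer/provider layout of GEOM's XML output.

```python
import subprocess
import xml.etree.ElementTree as ET

# Constructed, simplified sample of kern.geom.confxml output (not from the message).
SAMPLE_CONFXML = """<mesh>
  <class id="0xc1">
    <name>MIRROR</name>
    <geom id="0xc2">
      <class ref="0xc1"/>
      <name>gm0</name>
      <consumer id="0xc3"><geom ref="0xc2"/><provider ref="0xd2"/><mode>r1w1e1</mode></consumer>
      <provider id="0xc4"><geom ref="0xc2"/><mode>r1w1e1</mode><name>mirror/gm0</name></provider>
    </geom>
  </class>
  <class id="0xd0">
    <name>DISK</name>
    <geom id="0xd1">
      <class ref="0xd0"/>
      <name>da0</name>
      <provider id="0xd2"><geom ref="0xd1"/><mode>r1w1e1</mode><name>da0</name></provider>
    </geom>
  </class>
</mesh>"""

def read_confxml():
    """Fetch the live XML on FreeBSD with the command quoted in the message."""
    out = subprocess.run(["sysctl", "-b", "kern.geom.confxml"],
                         capture_output=True, check=True).stdout
    return out.rstrip(b"\0").decode()

def exposed_geoms(confxml):
    """Return [(class, geom, [components], [providers])] visible in the XML."""
    mesh = ET.fromstring(confxml)
    # Map provider id -> name so consumer references can be resolved.
    prov_names = {p.get("id"): p.findtext("name")
                  for p in mesh.iterfind("./class/geom/provider")}
    rows = []
    for cls in mesh.iterfind("class"):
        for geom in cls.iterfind("geom"):
            comps = [prov_names.get(c.find("provider").get("ref"), "?")
                     for c in geom.iterfind("consumer")
                     if c.find("provider") is not None]
            provs = [p.findtext("name") for p in geom.iterfind("provider")]
            rows.append((cls.findtext("name"), geom.findtext("name"), comps, provs))
    return rows

if __name__ == "__main__":
    for row in exposed_geoms(SAMPLE_CONFXML):  # use read_confxml() on FreeBSD
        print(row)
```

Running it in the jail and on the host and comparing the two lists shows exactly how much of the host's storage layout the jail can read.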