From: Dag-Erling Smorgrav
Date: 14 Jun 2001 16:06:50 +0200
To: David Malone
Cc: freebsd-audit@freebsd.org, rwatson@freebsd.org
Subject: Re: Allowing ident in a jail.

David Malone writes:
> This seems pretty safe and doesn't really leak any info from jail
> to jail.

 - actually, this solution *does* have the potential of leaking
   information about non-jailed processes into the jail, *but*

 - to get into a scenario where a socket belonging to a non-jailed
   process is visible from within the jail, you have to jump through
   hoops and willingly do things that more or less cancel out the
   benefits of using a jail in the first place.

So while David's patch isn't really a 100% correct fix for the problem
described in the PR, it's a good enough compromise, and a much better
solution than any I expected to find.

(David already knows this; this is for the benefit of those who
haven't read the private discussion he and I had on this subject)

DES
--
Dag-Erling Smorgrav - des@ofug.org