From owner-freebsd-stable@FreeBSD.ORG Mon Apr 3 19:09:00 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E3D216A422; Mon, 3 Apr 2006 19:09:00 +0000 (UTC) (envelope-from scrappy@hub.org) Received: from hub.org (hub.org [200.46.204.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id 14E0143D48; Mon, 3 Apr 2006 19:09:00 +0000 (GMT) (envelope-from scrappy@hub.org) Received: from localhost (av.hub.org [200.46.204.144]) by hub.org (Postfix) with ESMTP id 82565823C42; Mon, 3 Apr 2006 16:08:56 -0300 (ADT) Received: from hub.org ([200.46.204.220]) by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024) with ESMTP id 61877-09; Mon, 3 Apr 2006 16:08:58 -0300 (ADT) Received: from ganymede.hub.org (blk-222-82-85.eastlink.ca [24.222.82.85]) by hub.org (Postfix) with ESMTP id 71402823C31; Mon, 3 Apr 2006 16:08:55 -0300 (ADT) Received: by ganymede.hub.org (Postfix, from userid 1000) id F399C38A6B; Mon, 3 Apr 2006 16:08:56 -0300 (ADT) Received: from localhost (localhost [127.0.0.1]) by ganymede.hub.org (Postfix) with ESMTP id EA6A6341E8; Mon, 3 Apr 2006 16:08:56 -0300 (ADT) Date: Mon, 3 Apr 2006 16:08:56 -0300 (ADT) From: "Marc G. Fournier" To: Peter Jeremy In-Reply-To: <20060403185046.GC683@turion.vk2pj.dyndns.org> Message-ID: <20060403160752.I947@ganymede.hub.org> References: <20060403043711.GB76193@heff.fud.org.nz> <20060403185046.GC683@turion.vk2pj.dyndns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by amavisd-new at hub.org Cc: Daniel Eischen , freebsd-stable@freebsd.org Subject: Re: [HACKERS] semaphore usage "port based"? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2006 19:09:00 -0000 On Tue, 4 Apr 2006, Peter Jeremy wrote: > On Mon, 2006-Apr-03 08:19:00 -0400, Daniel Eischen wrote: >> I don't really see what the problem is. ESRCH seems perfectly >> reasonable for trying to kill (even sig 0) a process from a >> different jail. If you're in a jail, then you shouldn't have >> knowledge of processes from other jails. > > I agree in general. The problem here is that SysV IPC isn't > jail-aware - there's a single SysV IPC address space across the > physical system. This confuses (eg) postgres because it can > see the SHM for a postgres instance in another jail but kill(2) > claims that the process associated with that SHM doesn't exist. > > There appear to be two solutions: > 1) Add a sysctl to change cr_cansignal() and/or prison_check() to > make processes visible between jails. > 2) Change SysV IPC to be jail-aware. > > The former is trivial - but has a number of security implications. And this is what is losing me ... what security implications does being able to kill(PID, 0) a process pose? I can see allowing kill(PID, TERM) a process in another jail being a very bad thing, but if its just checking whether a PID is in use or not, isn't the security issue minimal? ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664