From: Björn König <bkoenig@cs.tu-berlin.de>
To: current@freebsd.org
Date: Sun, 05 Feb 2006 15:09:12 +0100
Subject: unprivileged users are able to kill certain jailed processes
Message-ID: <43E60708.9000902@cs.tu-berlin.de>

Hello,

unprivileged users of the host environment can see jailed processes with the same user ID. Furthermore they are able to send signals to these processes. I think since users are not allowed to imprison processes there is no reason why they should see them or even kill them. Someone pointed me to this issue and I want to know what you think about this.

These are some steps to reproduce:

  root@host # jail -Uuserxy / localhost 127.0.0.1 /bin/sleep 12345&
  root@host # ps a | grep sleep
  2255  p2  IJ     0:00,01 /bin/sleep 12345

login as 'userxy'

  userxy@host $ ps a | grep sleep
  2255  p2  IJ     0:00,01 /bin/sleep 12345
  userxy@host $ ps a | grep sleep
  [nothing]

This is a suggestion to eliminate this behaviour. I appreciate further testing because I hadn't much time to do it.

=== patch starts here ===
--- src/sys/kern/kern_jail.c.orig       Wed Sep 28 02:30:56 2005
+++ src/sys/kern/kern_jail.c    Sun Feb  5 14:42:00 2006
@@ -405,6 +405,9 @@
                        return (ESRCH);
                if (cred2->cr_prison != cred1->cr_prison)
                        return (ESRCH);
+       } else {
+               if (jailed(cred2) && suser_cred(cred1, 0))
+                       return (ESRCH);
        }
 
        return (0);
=== patch ends here ===

Regards
Björn
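Review bot: The new else branch returns ESRCH for any unjailed, unprivileged cred1 inspecting a jailed cred2, so the effect is wider than the signalling case named in the subject: every path that goes through prison_check() (process visibility in ps, debugging, signal delivery) will now hide jailed processes from ordinary host users with the same uid. That matches the stated intent, but it silently changes behaviour administrators may rely on, so consider gating it behind a security.jail sysctl knob and mentioning the visibility change in the commit message. A short comment above the condition would also help: suser_cred(cred1, 0) returns 0 only when the credential is privileged, so the non-zero return is the "unprivileged host user" case, which is easy to misread as the opposite.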