Date: Thu, 18 Aug 2005 17:18:30 +0200 From: Benjamin Lutz <benlutz@datacomm.ch> To: Attila Nagy <bra@fsn.hu> Cc: freebsd-security@FreeBSD.org Subject: Re: Closing information leaks in jails? Message-ID: <4304A6C6.6090006@datacomm.ch> In-Reply-To: <43049FB2.1030203@fsn.hu> References: <43049FB2.1030203@fsn.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigBCB6E73722D46EBC03262C02 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Attila Nagy wrote: > Hello, > > I'm wondering about closing some information leaks in FreeBSD jails from > the "outside world". > > Not that critical (depends on the application), but a simple user, with > restricted devfs in the jail (devfsrules_jail for example from > /etc/defaults/devfs.rules) can figure out the following: [...] > - full dmesg output after boot and the kernel buffer when it overflows > (can contain sensitive information) If it's sensitive in so far as it endangers the privacy of local non-jailed users, I think that's a bug that'd need fixing. > - information about geom providers (at least geom mirror list works) > - the list of the loaded kernel modules via kldstat > - some interesting information about the network related stuff via netstat > - information about configured swap space via swapinfo > - NFS related statistics via nfsstat > - a lot of interesting stuff via sysctl I'm not sure why hiding the mentioned information is bad. It only contains machine-specific data, and at best the private information a jailed user will be able to figure out is the machine's usage patterns (yes, crypto folks don't like that, but c'mon...). Hiding that data isn't real security. Besides, the user can only gain the data if he can execute the binaries that provide it. Why not remove, say, the geom programs (and at the same time make it impossible to execute new programs? Eg only make the home/tmp dirs writeable, but put those on a noexec partition). That should make it hard enough to access geom data. Cheers Benjamin --------------enigBCB6E73722D46EBC03262C02 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFDBKbJgShs4qbRdeQRAqZxAJ4gqQ+8Q8hbAiSCyGlleD6yBA/owgCeO8A6 Bbdm1tuPFd25sMgJPCFapIA= =boxf -----END PGP SIGNATURE----- --------------enigBCB6E73722D46EBC03262C02--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4304A6C6.6090006>