From owner-freebsd-security@FreeBSD.ORG  Fri Aug 19 13:10:39 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@FreeBSD.org
Delivered-To: freebsd-security@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 81CFE16A41F
	for <freebsd-security@FreeBSD.org>;
	Fri, 19 Aug 2005 13:10:39 +0000 (GMT)
	(envelope-from pjd@garage.freebsd.pl)
Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl
	[83.17.198.132])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E9A3A43D48
	for <freebsd-security@FreeBSD.org>;
	Fri, 19 Aug 2005 13:10:38 +0000 (GMT)
	(envelope-from pjd@garage.freebsd.pl)
Received: by mail.garage.freebsd.pl (Postfix, from userid 65534)
	id 7B00E52C84; Fri, 19 Aug 2005 15:10:36 +0200 (CEST)
Received: from localhost (pjd.wheel.pl [10.0.1.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.garage.freebsd.pl (Postfix) with ESMTP id A6CBB52BC4;
	Fri, 19 Aug 2005 15:10:29 +0200 (CEST)
Date: Fri, 19 Aug 2005 15:10:15 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Benjamin Lutz <benlutz@datacomm.ch>
Message-ID: <20050819131015.GD21893@garage.freebsd.pl>
References: <43049FB2.1030203@fsn.hu> <4304A6C6.6090006@datacomm.ch>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="IDYEmSnFhs3mNXr+"
Content-Disposition: inline
In-Reply-To: <4304A6C6.6090006@datacomm.ch>
X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc
X-OS: FreeBSD 7.0-CURRENT i386
User-Agent: mutt-ng devel (FreeBSD)
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	mail.garage.freebsd.pl
X-Spam-Level: 
X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 
	autolearn=ham version=3.0.4
Cc: freebsd-security@FreeBSD.org
Subject: Re: Closing information leaks in jails?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2005 13:10:39 -0000


--IDYEmSnFhs3mNXr+
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 18, 2005 at 05:18:30PM +0200, Benjamin Lutz wrote:
+> > - full dmesg output after boot and the kernel buffer when it overflows
+> > (can contain sensitive information)
+>=20
+> If it's sensitive in so far as it endangers the privacy of local
+> non-jailed users, I think that's a bug that'd need fixing.

sysctl security.bsd.unprivileged_read_msgbuf=3D0

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--IDYEmSnFhs3mNXr+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFDBdo3ForvXbEpPzQRAjtBAJ9HyWFQme9OEANjWqFQ9smsdszBEQCfUIHk
gONi4+qlH8AhGrGWiMNZNBI=
=Q76R
-----END PGP SIGNATURE-----

--IDYEmSnFhs3mNXr+--