From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 1 12:10:20 2003
Message-Id: <200308011902.h71J22ha087369@woozle.rinet.ru>
Date: Fri, 1 Aug 2003 23:02:02 +0400 (MSD)
From: Dmitry Morozovsky
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/55163: [patch] hide kld system details from jails

>Number:         55163
>Category:       kern
>Synopsis:       [patch] hide kld system details from jails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 01 12:10:18 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry Morozovsky
>Release:        FreeBSD 4-STABLE i386
>Organization:   Cronyx Plus LLC (RiNet ISP)
>Environment:
System: FreeBSD 4-STABLE
>Description:
It would be useful if we could hide the kernel module structure from jailed processes. The following patch (against -STABLE; AFAICS under -CURRENT similar functionality is achieved via MAC) adds the sysctl jail.kldread_allowed (defaults to 1 to preserve POLA) which, when cleared, disables the read-only kld sysctls for jailed processes.
>How-To-Repeat:
[before the patch]:
#jail /path/to/jail/root jail.host.name 10.0.0.1 /bin/sh
#kldstat
Id Refs Address    Size     Name
 1    8 0xc0100000 172230   kernel
...
#
[after the patch]:
#sysctl jail.kldread_allowed=0
jail.kldread_allowed: 1 -> 0
#jail /path/to/jail/root jail.host.name 10.0.0.1 /bin/sh
#kldstat
Id Refs Address    Size     Name
#
>Fix:
Index: sys/sys/jail.h =================================================================== RCS file: /home/ncvs/src/sys/sys/jail.h,v retrieving revision 1.8.2.2 diff -u -r1.8.2.2 jail.h --- sys/sys/jail.h 1 Nov 2000 17:58:06 -0000 1.8.2.2 +++ sys/sys/jail.h 1 Aug 2003 18:50:06 -0000
@@ -49,6 +49,7 @@ extern int jail_set_hostname_allowed; extern int jail_socket_unixiproute_only; extern int jail_sysvipc_allowed; +extern int jail_kldread_allowed; #endif /* !_KERNEL */ #endif /* !_SYS_JAIL_H_ */ Index: sys/kern/kern_jail.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_jail.c,v retrieving revision 1.6.2.3 diff -u -r1.6.2.3 kern_jail.c --- sys/kern/kern_jail.c 17 Aug 2001 01:00:26 -0000 1.6.2.3 +++ sys/kern/kern_jail.c 1 Aug 2003 18:50:06 -0000 @@ -44,6 +44,11 @@ &jail_sysvipc_allowed, 0, "Processes in jail can use System V IPC primitives"); +int jail_kldread_allowed = 1; +SYSCTL_INT(_jail, OID_AUTO, kldread_allowed, CTLFLAG_RW, + &jail_kldread_allowed, 0, + "Processes in jail can query kld system"); + int jail(p, uap) struct proc *p; Index: sys/kern/kern_linker.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_linker.c,v retrieving revision 1.41.2.3 diff -u -r1.41.2.3 kern_linker.c --- sys/kern/kern_linker.c 21 Nov 2001 17:50:35 -0000 1.41.2.3 +++ sys/kern/kern_linker.c 1 Aug 2003 18:50:06 -0000 @@ -43,6 +43,7 @@ #include #include #include +#include #include @@ -727,6 +728,9 @@ linker_file_t lf; int error = 0; + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; + p->p_retval[0] = -1; filename = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); @@ -755,6 +759,9 @@ linker_file_t lf; int error = 0; + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; + if (SCARG(uap, fileid) == 0) { if (TAILQ_FIRST(&linker_files)) p->p_retval[0] = TAILQ_FIRST(&linker_files)->id; @@ -784,6 +791,9 @@ struct kld_file_stat* stat; int namelen; + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; + lf = linker_find_file_by_id(SCARG(uap, fileid)); if (!lf) { error = ENOENT; 
@@ -828,6 +838,9 @@ linker_file_t lf; int error = 0; + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; + lf = linker_find_file_by_id(SCARG(uap, fileid)); if (lf) { if (TAILQ_FIRST(&lf->modules)) @@ -849,6 +862,9 @@ linker_file_t lf; struct kld_sym_lookup lookup; int error = 0; + + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; if ((error = copyin(SCARG(uap, data), &lookup, sizeof(lookup))) != 0) goto out; >Release-Note: >Audit-Trail: >Unformatted:
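Review bot: Missing documentation in the kern_jail.c hunk (@@ -44,6 +44,11 @@): the new jail.kldread_allowed knob is added beside jail.sysvipc_allowed and jail.set_hostname_allowed, which are documented in the jail(8) manual page, but the patch carries no manual page hunk for it. Please add a jail(8) entry describing the sysctl, its default of 1, and that clearing it makes the kld query syscalls return EPERM inside a jail.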
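Review bot: The header name is missing from the added include in the kern_linker.c hunk at @@ -43,6 +43,7 @@ (the line reads only "+#include"); it should name the header that declares jail_kldread_allowed, which per the first hunk is sys/jail.h, so the new references in kern_linker.c compile against the extern rather than an implicit declaration.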
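Review bot: Duplicated policy check in the kldfind hunk (@@ -727,6 +728,9 @@) and the same line repeated in the four hunks that follow: the test "if (!jail_kldread_allowed && p && p->p_prison) return EPERM;" is pasted five times, so a future change to the jail policy has to touch five places. Suggest a small helper in kern_jail.c or sys/jail.h, for example "static __inline int jail_kldread_denied(struct proc *p)", and call it from each syscall. The "p &&" part of the condition is also redundant: the same functions dereference p unconditionally a few lines later ("p->p_retval[0] = -1;" in kldfind, "p->p_retval[0] = TAILQ_FIRST(&linker_files)->id;" in kldnext), so a NULL p would already be a bug there.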
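Review bot: Style inconsistency in the kldsym hunk (@@ -849,6 +862,9 @@): here the blank line is inserted before the check and the check runs straight into "if ((error = copyin(SCARG(uap, data), &lookup, sizeof(lookup))) != 0)", whereas the other four hunks put the check immediately after the declarations and leave the blank line after "return EPERM;". Keep the same layout in all five places.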