From owner-freebsd-bugs@FreeBSD.ORG Mon Apr 17 15:10:18 2006
Message-Id: <20060417150211.A2A517E99A@FreeBSD.csie.nctu.edu.tw>
Date: Mon, 17 Apr 2006 23:02:11 +0800 (CST)
From: Cheng-Lung Sung
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: clsung@gmail.com
Subject: kern/95925: security.jail.jailed should be more secure

>Number: 95925
>Category: kern
>Synopsis: security.jail.jailed should be more secure
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 17 15:10:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Cheng-Lung Sung
>Release: FreeBSD 6.1-PRERELEASE i386
>Organization: FreeBSD @ Taiwan
>Environment:
System: FreeBSD FreeBSD.csie.nctu.edu.tw 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #7: Thu Apr 13 03:20:20 CST 2006 root@FreeBSD.csie.nctu.edu.tw:/home/usr.obj/usr/src/sys/FREEBSD i386
>Description:
security.jail.jailed can be too easily shown from within a jail, since it gives *someone* the chance to know whether he is in a jail or not. I think it is better to only show jailed when the administrator decides to make his machines insecure (i.e. securelevel <= 0).
>How-To-Repeat:
sysctl -a | grep security.jail.jailed
>Fix:
--- sys/kern/kern_jail.c.orig Mon Apr 17 22:53:48 2006 +++ sys/kern/kern_jail.c Mon Apr 17 22:54:03 2006
@@ -580,5 +580,6 @@ return (error); } -SYSCTL_PROC(_security_jail, OID_AUTO, jailed, CTLTYPE_INT | CTLFLAG_RD, +SYSCTL_PROC(_security_jail, OID_AUTO, jailed, + CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_SECURE, NULL, 0, sysctl_jail_jailed, "I", "Process in jail?"); >Release-Note: >Audit-Trail: >Unformatted:
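Review bot: On the SYSCTL_PROC line for jailed, CTLFLAG_SECURE is OR-ed with CTLFLAG_RD, but sys/sysctl.h documents CTLFLAG_SECURE as "Permit set only if securelevel<=0", so it gates writes and this node has no write path to gate. As written, a read of security.jail.jailed from inside a jail would most likely still succeed at any securelevel, which does not match the behaviour asked for in the description. If the goal is to restrict reads, the check belongs in the sysctl_jail_jailed handler itself (an explicit securelevel test that returns an error before the value is copied out), and the "Process in jail?" description string should then mention the restriction. It is also worth stating in the PR which securelevel is meant, the host's or the jail's own, since the two can differ.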