Message-Id: <20060418012558.829047E962@FreeBSD.csie.nctu.edu.tw>
Date: Tue, 18 Apr 2006 09:25:58 +0800 (CST)
From: Cheng-Lung Sung
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: clsung@gmail.com
Subject: kern/95977:

>Number: 95977
>Category: kern
>Synopsis:
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 18 01:30:22 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Cheng-Lung Sung
>Release: FreeBSD 6.1-PRERELEASE i386
>Organization: FreeBSD @ Taiwan
>Environment:
System: FreeBSD FreeBSD.csie.nctu.edu.tw 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #7: Thu Apr 13 03:20:20 CST 2006 root@FreeBSD.csie.nctu.edu.tw:/home/usr.obj/usr/src/sys/FREEBSD i386
>Description:
security.jail.jailed can be too easily shown from within a jail, since it gives *someone* a chance to know whether he is in a jail or not. I think it is better to show jailed only when the administrator decides to make his machines insecure (i.e. securelevel <= 0).
>How-To-Repeat:
sysctl -a | grep security.jail.jailed
jexec sysctl -a | grep security.jail.jailed
>Fix:
--- sys/kern/kern_jail.c.orig Mon Apr 17 22:53:48 2006 +++ sys/kern/kern_jail.c Tue Apr 18 09:21:48 2006 
@@ -575,7 +575,12 @@ { int error, injail; - injail = jailed(req->td->td_ucred); + /* secured (i.e. level 1, 2, 3...) system + * do not display if jailed */ + if (securelevel_gt(req->td->td_ucred, 0) != 0) + injail = 0; + else + injail = jailed(req->td->td_ucred); error = SYSCTL_OUT(req, &injail, sizeof(injail)); return (error); >Release-Note: >Audit-Trail: >Unformatted:
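Review bot: In the new `if (securelevel_gt(req->td->td_ucred, 0) != 0)` branch, setting `injail = 0` makes the handler tell a jailed caller that it is not jailed instead of withholding the answer, so any program that reads security.jail.jailed to adjust its behaviour gets a false value whenever the securelevel is above 0. If the aim is to hide the state, have the handler return an error in that case (for example `return (EPERM);` before the `SYSCTL_OUT` call) so that the value is truthful whenever it is readable. The added block comment should also put the opening `/*` on its own line and say what the code does, for example "Do not reveal jail status when securelevel > 0".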