Date: Wed, 22 May 2002 21:30:33 +0200
From: Stephanie Wehner <_@r4k.net>
To: freebsd-security@freebsd.org
Subject: getgpid & getsid work from within a jail
Message-ID: <20020522193033.GG78314@r4k.net>

Hi,

[this was mailed to security-officer@ already and I submitted a pr with a
patch, but this is not really a serious problem and I have some questions,
which you might answer]

Just accidentally stumbled across two (minor) problems with the freebsd jail
when looking at kern_prot.c. I verified this by setting up a small jail. The
system I was using is 4.6-RC cvsupd yesterday evening.

It is possible to obtain the process group id and the session id of processes
running outside the current jail. This is due to the fact that getsid and
getgpid in sys/kern/kern_prot.c do not check if the pid that is found is
within the current jail.

I've submitted a test program and a patch via send-pr.

Please note that this fix returns ESRCH when the process is not found and not
EPERM. This is related to another problem:

It is possible to verify the existence of a certain process id outside the
current jail by various means. I personally see this as a minor problem,
although I'm not sure if you feel this is a problem. There are some
inconsistencies in the code, which either deny the existence of the process
(like ps) or return permission denied instead of not found:

    root@testjail:~ # kill 67
    bash: kill: (67) - Operation not permitted
    root@testjail:~ # kill 68
    bash: kill: (68) - No such process
    root@testjail:~ # ktrace -p 67
    ktrace: ktrace.out: Operation not permitted
    root@testjail:~ # ktrace -p 68
    ktrace: ktrace.out: No such process

...I did not provide a patch for this as I wasn't sure how you want to handle
this problem.

Also I have been wondering why the prison check is not done within pfind (see
kern_proc.c) itself? I suppose there must be a reason for it? btw, I've been
asking myself this as well with the ps_showallprocs flag.

bye,
Stephanie

--<> _@r4k.net <>------------------<> FreeBSD <>-------------------
#3 - Anime Law of Sonic Amplification, First Law of Anime Acoustics
In space, loud sounds, like explosions, are even louder because there is no
air to get in the way.
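
The behaviour described in the message can be checked with a small userland probe. This is an added example, not the test program submitted with the PR (which is not on this page); `probe_pid`, `classify` and the verdict names are this example's own.

```c
#define _XOPEN_SOURCE 700 /* expose getpgid/getsid under strict -std modes */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Verdict names are this example's own, not FreeBSD's. */
enum verdict { NOT_FOUND, EXISTENCE_REVEALED, IDS_RETURNED };

struct probe {
    int pgid_errno, sid_errno, kill_errno; /* 0 = call succeeded */
    pid_t pgid, sid;
};

static struct probe probe_pid(pid_t pid)
{
    struct probe r;
    r.pgid = getpgid(pid);
    r.pgid_errno = (r.pgid == (pid_t)-1) ? errno : 0;
    r.sid = getsid(pid);
    r.sid_errno = (r.sid == (pid_t)-1) ? errno : 0;
    /* Signal 0 sends nothing: only the lookup and permission check run. */
    r.kill_errno = (kill(pid, 0) == -1) ? errno : 0;
    return r;
}

static enum verdict classify(const struct probe *r)
{
    if (r->pgid_errno == 0 || r->sid_errno == 0)
        return IDS_RETURNED;       /* pgid or sid was handed back */
    if (r->pgid_errno != ESRCH || r->sid_errno != ESRCH ||
        r->kill_errno != ESRCH)
        return EXISTENCE_REVEALED; /* e.g. EPERM instead of ESRCH */
    return NOT_FOUND;              /* indistinguishable from a free pid */
}

int main(int argc, char **argv)
{
    static const char *names[] = { "not found", "existence revealed", "ids returned" };
    pid_t pid = (argc > 1) ? (pid_t)atol(argv[1]) : getpid();
    struct probe r = probe_pid(pid);
    printf("pid %ld: getpgid errno=%d, getsid errno=%d, kill errno=%d -> %s\n",
           (long)pid, r.pgid_errno, r.sid_errno, r.kill_errno, names[classify(&r)]);
    return classify(&r) == NOT_FOUND ? 0 : 1;
}
```

Run it inside a test jail with a pid taken from the host's process list; once every path answers ESRCH the verdict is "not found", and any other verdict marks a call that still discloses something about the process.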