Date: Mon, 30 Oct 2000 17:34:00 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_jail.c sysv_msg.c sysv_sem.c sysv_shm.c src/sys/sys jail.h Message-ID: <200010310134.RAA51258@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2000/10/30 17:34:00 PST
Modified files:
sys/kern kern_jail.c sysv_msg.c sysv_sem.c
sysv_shm.c
sys/sys jail.h
Log:
o Deny access to System V IPC from within jail by default, as in the
current implementation, jail neither virtualizes the Sys V IPC namespace,
nor provides inter-jail protections on IPC objects.
o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1
using sysctl.
o This is not the "real fix" which involves virtualizing the System V
IPC namespace, but prevents processes within jail from influencing those
outside of jail when not approved by the administrator.
Reported by: Paulo Fragoso <paulo@nlink.com.br>
Revision Changes Path
1.8 +6 -1 src/sys/kern/kern_jail.c
1.26 +17 -1 src/sys/kern/sysv_msg.c
1.29 +14 -1 src/sys/kern/sysv_sem.c
1.49 +20 -1 src/sys/kern/sysv_shm.c
1.10 +2 -1 src/sys/sys/jail.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010310134.RAA51258>