Date: Thu, 14 Jun 2001 14:35:58 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: freebsd-audit@freebsd.org
Cc: des@freebsd.org, rwatson@freebsd.org
Subject: Allowing ident in a jail.
Message-ID: <200106141435.aa12577@salmon.maths.tcd.ie>
PR 28107 raises the issue that identd doesn't work inside a jail. This is because the getcred sysctl used to implement the ident lookup doesn't allow a jailed root. This is probably reasonably sensible, as you don't want to leak info about other jails.

However, I think it's possible to modify the getcred sysctls to use u_cansee to determine if the credentials associated with a socket can be viewed by the getcred caller.

The way things work at the moment is that at the time a socket is created with the socket(2) call the credentials of the creating process are attached to that socket. Thus, if you call u_cansee on the credentials of the socket and the credentials of the process doing the getcred you should get the following semantics:

1) An unjailed getcred caller can get the creds for any socket.
2) A jailed getcred caller can only get the creds for a socket if that socket was created by a process in the same jail.

This seems pretty safe and doesn't really leak any info from jail to jail. I've included a patch below which compiles, but which I haven't had a chance to test fully yet.

I'd like to know what people think of this patch. I'm not sure if Robert would consider this an abuse of u_cansee.

David.

--- tcp_subr.c.orig Thu Jun 14 13:46:01 2001 +++ tcp_subr.c Thu Jun 14 13:52:24 2001 @@ -880,7 +880,7 @@ struct inpcb *inp; int error, s; - error = suser(req->p); + error = suser_xxx(0, req->p, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -893,6 +893,9 @@ error = ENOENT; goto out; } + error = u_cansee(req->p->p_ucred, inp->inp_socket->so_cred); + if (error) + goto out; bzero(&xuc, sizeof(xuc)); xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; @@ -916,7 +919,7 @@ struct inpcb *inp; int error, s, mapped = 0; - error = suser(req->p); + error = suser_xxx(0, req->p, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); 
@@ -945,6 +948,9 @@ error = ENOENT; goto out; } + error = u_cansee(req->p->p_ucred, inp->inp_socket->so_cred); + if (error) + goto out; bzero(&xuc, sizeof(xuc)); xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups;
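
Review bot: in the two u_cansee hunks (@@ -893 and @@ -945), a failed u_cansee() jumps to out with whatever errno it returned, while the lookup failure just above sets error = ENOENT. If those values differ, a jailed caller can tell "no such connection" apart from "connection owned by another jail", which is the cross-jail leak the change is meant to avoid. Consider forcing the same result on this path, for example "if (error) { error = ENOENT; goto out; }", and adding a one-line comment that the check is there for jail visibility.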
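
Review bot: in the two suser hunks (@@ -880 and @@ -916), suser_xxx(0, req->p, PRISON_ROOT) admits a jailed root, and nothing at that line says that the u_cansee() test added further down in the same function is what confines the answer to the caller's own jail. Add a comment there so the two changes are not separated by a later edit, and pass NULL rather than 0 for the first argument if it is a pointer.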