Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()
author Olivier Certner <olce.freebsd@certner.fr>
Thu, 17 Aug 2023 23:54:38 +0000 (01:54 +0200)
committer Mitchell Horne <mhorne@FreeBSD.org>
Thu, 28 Sep 2023 14:59:08 +0000 (11:59 -0300)
commit 5817169bc4a06a35aa5ef7f5ed18f6cb35037e18
tree 407cc82cbc02d0e7a6ed0753e0f0027a80f4d231
parent e4a7b4f99cfd4931468c0866da4ae8b49cf5badb
Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()

As implemented, this security policy would only prevent seeing processes
in sub-jails, but would not prevent sending signals to, changing
priority of or debugging processes in these, enabling attacks where
unprivileged users could tamper with random processes in sub-jails in
particular circumstances (conflated UIDs) despite the policy being
enforced.

PR:                     272092
Reviewed by:            mhorne
MFC after:              2 weeks
Sponsored by:           Kumacom SAS
Differential Revision:  https://reviews.freebsd.org/D40628
sys/kern/kern_prot.c
sys/netinet/in_prot.c
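
The gap described in the commit message, as an added example that is not part of the commit or of FreeBSD's code: a simplified user-space model in C where a host user and a sub-jail process share UID 1001 while the policy is enforced. All struct and function names (model_*) are hypothetical; only the sysctl name and the idea of one shared visibility check, which the commit calls cr_bsd_visible(), come from the page.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; struct and function names are hypothetical. */
struct model_cred {
    unsigned uid;
    int jail;        /* jail id of the process (0 = host) */
    int jail_parent; /* id of the parent jail; -1 for the host */
};

static bool see_jail_proc = false; /* models security.bsd.see_jail_proc=0 */

/* Jail-level check: the target is in the subject's jail or in a child of it. */
static bool model_jail_reachable(const struct model_cred *s, const struct model_cred *t)
{
    return t->jail == s->jail || t->jail_parent == s->jail;
}

/* Policy check: with the knob off, only same-jail processes pass. */
static bool model_bsd_visible(const struct model_cred *s, const struct model_cred *t)
{
    return see_jail_proc || s->jail == t->jail;
}

/* Seeing a process applied the policy both before and after the fix. */
static bool model_can_see(const struct model_cred *s, const struct model_cred *t)
{
    return model_jail_reachable(s, t) && model_bsd_visible(s, t);
}

/* Before: signalling checked jail reachability and UID match, not the policy. */
static bool model_can_signal_before(const struct model_cred *s, const struct model_cred *t)
{
    return model_jail_reachable(s, t) && s->uid == t->uid;
}

/* After: the same policy check gates signalling as well. */
static bool model_can_signal_after(const struct model_cred *s, const struct model_cred *t)
{
    return model_jail_reachable(s, t) && model_bsd_visible(s, t) && s->uid == t->uid;
}

int main(void)
{
    struct model_cred host = { 1001, 0, -1 }, jailed = { 1001, 1, 0 }; /* constructed */
    printf("see=%d signal_before=%d signal_after=%d\n", model_can_see(&host, &jailed),
        model_can_signal_before(&host, &jailed), model_can_signal_after(&host, &jailed));
    return 0;
}
```

The same reasoning applies to the other operations the commit message lists (changing priority and debugging), which the model folds into the single signalling case.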