Closing information leaks in jails?
From: Attila Nagy (bra_at_fsn.hu)
Date: 08/18/05
Date: Thu, 18 Aug 2005 16:48:18 +0200
To: freebsd-security@FreeBSD.org
Hello,
I'm wondering about closing some information leaks in FreeBSD jails from
the "outside world".
Not that critical (depends on the application), but a simple user, with
restricted devfs in the jail (devfsrules_jail for example from
/etc/defaults/devfs.rules) can figure out the following:
- network interface related data, via ifconfig, which contains
everything but the primary IP address of the interfaces. It seems that
alias IPs can be viewed:
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        ether 00:12:79:3d:83:c2
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.2 netmask 0xff000000
- the arp table via arp, which does contain the above interface
addresses. This can be used for example to detect other machines on the
same subnet, which communicate with the host machine.
- full dmesg output after boot and the kernel buffer when it overflows
(can contain sensitive information)
- information about geom providers (at least geom mirror list works)
- the list of the loaded kernel modules via kldstat
- some interesting information about the network related stuff via netstat
- information about configured swap space via swapinfo
- NFS related statistics via nfsstat
- a lot of interesting stuff via sysctl
and maybe more that I can't think of currently.
Are there any ways to close (some of) these?
Thanks,
-- 
Attila Nagy e-mail: Attila.Nagy@fsn.hu
Adopt a directory on our free software phone @work: +361 371 3536
server! http://www.fsn.hu/?f=brick cell.: +3630 306 6758
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
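Added example, not part of the original message: a small sh script an administrator can run as an unprivileged user inside a jail to record which of the items listed above are readable, for instance before and after changing the jail's configuration. The function names, the labels and the flags passed to arp, netstat and sysctl are assumptions; the mail names only the tools.

```sh
#!/bin/sh
# Added example: audit what an unprivileged user inside a jail can read.
# Flags (-an, -rn, -a) are assumptions; the mail names only the tools.

# classify CMD [ARGS...] -> prints one of: missing | hidden | visible
classify() {
    # Tool not installed in the jail at all.
    command -v "$1" >/dev/null 2>&1 || { echo missing; return 0; }
    # "visible" means exit status 0 *and* non-empty output; an error
    # exit or empty output counts as "hidden".
    if out=$("$@" 2>/dev/null </dev/null) && [ -n "$out" ]; then
        echo visible
    else
        echo hidden
    fi
}

# audit -> one "label  status" line per item from the list in the mail
audit() {
    while IFS='|' read -r label cmd; do
        # $cmd is left unquoted on purpose so it splits into words.
        printf '%-24s %s\n' "$label" "$(classify $cmd)"
    done <<'EOF'
interface data|ifconfig
ARP table|arp -an
kernel message buffer|dmesg
GEOM providers|geom mirror list
loaded kernel modules|kldstat
network state|netstat -rn
swap configuration|swapinfo
NFS statistics|nfsstat
sysctl tree|sysctl -a
EOF
}

# Run the audit only when asked to: sh jail_audit.sh run
if [ "${1:-}" = "run" ]; then audit; fi
```

A "visible" result only says the command succeeded and printed something; whether that output is sensitive still has to be judged per item.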