Re: Closing information leaks in jails?

From: Benjamin Lutz (benlutz_at_datacomm.ch)
Date: 08/18/05

  • Next message: Pawel Jakub Dawidek: "Re: Closing information leaks in jails?"
    Date: Thu, 18 Aug 2005 17:18:30 +0200
    To: Attila Nagy <bra@fsn.hu>

    Attila Nagy wrote:
    > Hello,
    >
    > I'm wondering about closing some information leaks in FreeBSD jails from
    > the "outside world".
    >
    > Not that critical (depends on the application), but a simple user, with
    > restricted devfs in the jail (devfsrules_jail for example from
    > /etc/defaults/devfs.rules) can figure out the following:

    [...]

    > - full dmesg output after boot and the kernel buffer when it overflows
    > (can contain sensitive information)

    If it's sensitive in so far as it endangers the privacy of local
    non-jailed users, I think that's a bug that'd need fixing.

    > - information about geom providers (at least geom mirror list works)
    > - the list of the loaded kernel modules via kldstat
    > - some interesting information about the network related stuff via netstat
    > - information about configured swap space via swapinfo
    > - NFS related statistics via nfsstat
    > - a lot of interesting stuff via sysctl

    I'm not sure why hiding the mentioned information is bad. It only
    contains machine-specific data, and at best the private information a
    jailed user will be able to figure out is the machine's usage patterns
    (yes, crypto folks don't like that, but c'mon...). Hiding that data
    isn't real security.

    Besides, the user can only gain the data if he can execute the binaries
    that provide it. Why not remove, say, the geom programs (and at the same
    time make it impossible to execute new programs? E.g. only make the
    home/tmp dirs writable, but put those on a noexec partition). That
    should make it hard enough to access geom data.

    Cheers
    Benjamin
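The mitigation described in the reply above (only home/tmp writable, and those on noexec partitions) can be audited from the host by checking that every writable filesystem under the jail root carries noexec and nosuid. This is an added example, not code from the thread; the jail root /jails/web, the device names and the mount(8) lines are constructed.

```shell
#!/bin/sh
# Audit a jail root's mounts: every writable filesystem mounted under the
# jail root should carry noexec (and nosuid), so a jailed user can write
# files to home/tmp but never execute them. Input follows FreeBSD mount(8)
# output, e.g.:
#   /dev/ada0p5 on /jails/web/tmp (ufs, local, noexec, nosuid, soft-updates)

# Constructed sample mount(8) output for a hypothetical jail at /jails/web.
SAMPLE_MOUNTS='/dev/ada0p2 on / (ufs, local, soft-updates)
/dev/ada0p4 on /jails/web (ufs, local, read-only)
/dev/ada0p5 on /jails/web/tmp (ufs, local, noexec, nosuid, soft-updates)
/dev/ada0p6 on /jails/web/home (ufs, local, soft-updates)
devfs on /jails/web/dev (devfs, local, multilabel)'

# check_jail_mounts JAILROOT MOUNTLINES
# Prints one line per offending mount point; returns 0 if none, 1 otherwise.
check_jail_mounts() {
    jailroot=$1
    printf '%s\n' "$2" | awk -v root="$jailroot" '
        {
            mp = $3                                   # field 3 is the mount point
            opts = $0                                 # options sit inside the parentheses
            sub(/^[^(]*\(/, "", opts); sub(/\)$/, "", opts)
            if (mp != root && index(mp, root "/") != 1) next   # not inside the jail
            if (opts ~ /read-only/) next              # nothing can be written here
            if (opts ~ /^devfs/) next                 # device nodes, governed by devfs rules
            if (opts !~ /noexec/ || opts !~ /nosuid/) {
                print mp ": writable without noexec,nosuid"
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }'
}

# Run the audit on the constructed sample; /jails/web/home is reported.
check_jail_mounts /jails/web "$SAMPLE_MOUNTS" || echo "audit: fix the mounts listed above"
```

On a real host, feed it the live output with `check_jail_mounts /jails/web "$(mount)"`.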
