Date: Tue, 31 Oct 2006 20:32:47 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: arch@FreeBSD.org
Subject: Re: New in-kernel privilege API: priv(9)
Message-ID: <20061031203247.15787e75@Magellan.Leidinger.net>
In-Reply-To: <20061031092122.D96078@fledge.watson.org>
References: <20061031092122.D96078@fledge.watson.org>

Quoting Robert Watson <rwatson@FreeBSD.org> (Tue, 31 Oct 2006 09:43:45 +0000 (GMT)):

> (2) Sweep of the remaining kernel files, cleaning up privilege checks,
>     replacing suser()/suser_cred() calls, etc, across the kernel.

What about denying access to the dmesg in a jail? I noticed in the run
of the periodic scripts in jails that I can see the segfaults of
programs in other jails (stock -current, but I haven't seen such a
privilege in your list of allowed privileges for a jail). A quick test
revealed that I'm able to see the complete dmesg.

From a user point of view I don't want to get confused by broken stuff
in a jail of someone else (shared hosting) and I don't want to let
other people know what programs I run (in case they are failing).

Bye,
Alexander.

-- 
"I suppose the secret to happiness is learning to appreciate the
moment." -Calvin
http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org      netchild @ FreeBSD.org  : PGP ID = 72077137