From: Attila Nagy
Date: Fri, 19 Aug 2005 10:20:14 +0200
To: nielsen@memberwebs.com
Cc: freebsd-security@FreeBSD.org
Subject: Re: Closing information leaks in jails?

Nate Nielsen wrote:
> For me this only shows the alias assigned to the jail.

You are right.

>>- full dmesg output after boot and the kernel buffer when it overflows
>>(can contain sensitive information)
> Yes, this is important. Use:
> sysctl -w security.bsd.unprivileged_read_msgbuf=0

Hmm, thanks, that was new info for me.

> only shows connections to the current jail. It does show the output from
> 'netstat -m' and those sort of things, but those say nothing over the
> network load of the current machine.

Yes, they are not that critical.

>>- information about configured swap space via swapinfo
> Not sure I see how this could be used against you.

Nothing bad, but I can imagine a situation where the operator of the
host machine wants to hide everything about the real specifications. For
example if the machine is overbooked and the swap is lightly or heavily
used, etc.

>>- NFS related statistics via nfsstat
> Again only statistics. Not sure how this is a problem.

For me, they are not, just another thing, which could be guessed about
the host and not the jail (if I am right).

>>- a lot of interesting stuff via sysctl
> Yes, there's a lot there, but a lot *is* filtered out in a jail.

Yep.

> My suggestion would be to file bugs one by one for each piece of
> information that causes you concern along with the reasoning of why that
> information is dangerous or sensitive.

The biggest issue for me was dmesg and the ARP table. All of the others
were there, because I wanted to know, what else could an unprivileged
user guess about the host.
I will open a PR with the ARP table issue.

> The FreeBSD developers have been attentive to these things, and have
> added functionality in almost each release to minimize information
> available in a jail. So pointing specific issues out will probably get
> good results.

Yes, last time I checked these, the user in a jail could list all of the
mounted file systems. Now it is less chatty. :)

Thanks,

-- 
Attila Nagy                                 e-mail: Attila.Nagy@fsn.hu
Adopt a directory on our free software      phone @work: +361 371 3536
server! http://www.fsn.hu/?f=brick          cell.: +3630 306 6758