Date:      Wed, 20 Nov 2019 14:05:54 +1100
From:      Dewayne Geraghty <dewaynegeraghty@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Jails with securelevel 3 still need retpoline?
Message-ID:  <CAGnMC6qbqB0x_dzwdgFvdU1kgGJza2rdHOfj3D1-ULjkZdicOQ@mail.gmail.com>

I want to have a secure platform, but would not like to degrade performance
(amd64-based systems).

If everything that a user touches is in a jail (sendmail, dovecot, squid,
httpd, ...), and each jail is running at secure level 3 AND there are no
/dev/mem nor /dev/kmem devices accessible within the jail, do I still need
to mitigate unauthorised access in src.conf, prior to a build, using
WITH_RETPOLINE & WITH_KERNEL_RETPOLINE?

Part of the reason for concern is when I jexec into j1,
j1# tty
/dev/pts/8
even though there is no pts node under /dev.
j1# ls /dev/
crypto  fd      null    random  stderr  stdin   stdout  urandom zero

root is further restricted as I'm also running (most) applications with
unprivileged identities (e.g. www) where I'm leveraging
security.mac.portacl.rules.

This has been on my mind for some time, but now a decision is needed, so any
advice welcome :)
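As an added example (not part of the original message and not FreeBSD's own tooling), a small POSIX shell audit that reports the controls the question leans on as separate dimensions: the jail's kern.securelevel, whether the devfs listing exposes mem or kmem, and whether a given identity may bind a port under security.mac.portacl.rules. It runs on constructed sample text so it executes offline; the sysctl names kern.securelevel and security.jail.jailed and the portacl rule format idtype:id:protocol:port are real, while the sample values and the helper names are made up for illustration.

```shell
#!/bin/sh
# Hypothetical jail posture audit (added example, not from the original post).
# On a real FreeBSD host the constructed strings below would be replaced with
# the output of:  sysctl kern.securelevel security.jail.jailed   and   ls /dev

# Constructed sample: what sysctl might print from inside a hardened jail.
SAMPLE_SYSCTL='kern.securelevel: 3
security.jail.jailed: 1'

# Constructed sample: the devfs listing quoted in the message (no mem/kmem nodes).
SAMPLE_DEV='crypto fd null random stderr stdin stdout urandom zero'

# Constructed sample of security.mac.portacl.rules: uid 80 (www) may bind
# TCP 80 and 443, gid 1001 may bind UDP 53. Real format is idtype:id:proto:port,
# comma separated.
SAMPLE_PORTACL='uid:80:tcp:80,uid:80:tcp:443,gid:1001:udp:53'

# get_sysctl NAME TEXT  -> prints the value of NAME from sysctl-style "name: value" lines
get_sysctl() {
    printf '%s\n' "$2" | awk -v k="$1" -F': ' '$1 == k { print $2 }'
}

# securelevel_ok TEXT  -> succeeds when kern.securelevel is 3 or higher
securelevel_ok() {
    lvl=$(get_sysctl kern.securelevel "$1")
    [ -n "$lvl" ] && [ "$lvl" -ge 3 ]
}

# in_jail TEXT  -> succeeds when security.jail.jailed reports 1
in_jail() {
    [ "$(get_sysctl security.jail.jailed "$1")" = "1" ]
}

# memdev_exposed DEVLIST  -> succeeds when mem or kmem appears in the devfs listing
memdev_exposed() {
    for d in $1; do
        case "$d" in
            mem|kmem) return 0 ;;
        esac
    done
    return 1
}

# portacl_allows RULES IDTYPE ID PROTO PORT  -> succeeds when an exact rule matches
portacl_allows() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx "$2:$3:$4:$5"
}

# posture_report SYSCTL_TEXT DEVLIST  -> one line per control; each is judged on its own
posture_report() {
    if in_jail "$1"; then echo "context: jailed"; else echo "context: host"; fi
    if securelevel_ok "$1"; then echo "securelevel: >= 3"; else echo "securelevel: WEAK"; fi
    if memdev_exposed "$2"; then echo "devfs: mem/kmem EXPOSED"; else echo "devfs: mem/kmem hidden"; fi
}

posture_report "$SAMPLE_SYSCTL" "$SAMPLE_DEV"
portacl_allows "$SAMPLE_PORTACL" uid 80 tcp 443 && echo "portacl: uid 80 may bind tcp/443"
```

The report deliberately lists securelevel and the devfs check as separate lines and says nothing about retpoline: securelevel and devfs rules gate explicit interfaces to kernel memory (such as /dev/mem and /dev/kmem), whereas retpoline addresses a speculative-execution side channel that does not pass through those interfaces, so one control's status should not be inferred from the other's.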
