Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 Jul 2003 09:03:53 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/kern kern_descrip.c
Message-ID:  <200307281603.h6SG3rss015888@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
rwatson     2003/07/28 09:03:53 PDT

  FreeBSD src repository

  Modified files:
    sys/kern             kern_descrip.c 
  Log:
  When exporting file descriptor data for threads invoking the
  kern.file sysctl, don't return information about processes that
  fail p_cansee(td, p).  This prevents sockstat and related
  programs from seeing file descriptors owned by processes not
  in the same jail as the thread, as well as having implications
  for MAC, etc.
  
  This is a partial solution: it permits an information leak about
  the number of descriptors in the sizing calculation (but this is
  not new information, you can also get it from kern.openfiles),
  and doesn't attempt to mask file descriptors based on the
  properties of the descriptor, only the process referencing it.
  However, it provides most of what you want under most
  circumstances, without complicating the locking.
  
  PR:     54211
  Based on a patch submitted by:  Pawel Jakub Dawidek <nick@garage.freebsd.pl>
  
  Revision  Changes    Path
  1.211     +11 -0     src/sys/kern/kern_descrip.c



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307281603.h6SG3rss015888>