Date: Fri, 1 Aug 2003 23:02:02 +0400 (MSD)
From: Dmitry Morozovsky <marck@rinet.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/55163: [patch] hide kld system details from jails
Message-ID: <200308011902.h71J22ha087369@woozle.rinet.ru>
Resent-Message-ID: <200308011910.h71JAJ81074108@freefall.freebsd.org>
>Number:         55163
>Category:       kern
>Synopsis:       [patch] hide kld system details from jails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 01 12:10:18 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry Morozovsky
>Release:        FreeBSD 4-STABLE i386
>Organization:
Cronyx Plus LLC (RiNet ISP)
>Environment:
System: FreeBSD 4-STABLE
>Description:
It would be useful if we could hide the kernel module structure from jailed processes. The following patch (against -STABLE; AFAICS under -CURRENT similar functionality is achieved via MAC) adds sysctl jail.kldread_allowed (defaults to 1 to preserve POLA) which, when cleared, disables read-only kld sysctls for jailed processes.
>How-To-Repeat:
[before the patch]:
#jail /path/to/jail/root jail.host.name 10.0.0.1 /bin/sh
#kldstat
Id Refs Address    Size     Name
 1    8 0xc0100000 172230   kernel
...
#
[after the patch]:
#sysctl jail.kldread_allowed=0
jail.kldread_allowed: 1 -> 0
#jail /path/to/jail/root jail.host.name 10.0.0.1 /bin/sh
#kldstat
Id Refs Address    Size     Name
#
>Fix:
Index: sys/sys/jail.h =================================================================== RCS file: /home/ncvs/src/sys/sys/jail.h,v retrieving revision 1.8.2.2 diff -u -r1.8.2.2 jail.h --- sys/sys/jail.h 1 Nov 2000 17:58:06 -0000 1.8.2.2 +++ sys/sys/jail.h 1 Aug 2003 18:50:06 -0000 @@ -49,6 +49,7 @@ extern int jail_set_hostname_allowed; extern int jail_socket_unixiproute_only; extern int jail_sysvipc_allowed; +extern int jail_kldread_allowed; #endif /* !_KERNEL */ #endif /* !_SYS_JAIL_H_ */ Index: sys/kern/kern_jail.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_jail.c,v retrieving revision 1.6.2.3 diff -u -r1.6.2.3 kern_jail.c --- sys/kern/kern_jail.c 17 Aug 2001 01:00:26 -0000 1.6.2.3 +++ sys/kern/kern_jail.c 1 Aug 2003 18:50:06 -0000
@@ -44,6 +44,11 @@ &jail_sysvipc_allowed, 0, "Processes in jail can use System V IPC primitives"); +int jail_kldread_allowed = 1; +SYSCTL_INT(_jail, OID_AUTO, kldread_allowed, CTLFLAG_RW, + &jail_kldread_allowed, 0, + "Processes in jail can query kld system"); + int jail(p, uap) struct proc *p; Index: sys/kern/kern_linker.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_linker.c,v retrieving revision 1.41.2.3 diff -u -r1.41.2.3 kern_linker.c --- sys/kern/kern_linker.c 21 Nov 2001 17:50:35 -0000 1.41.2.3 +++ sys/kern/kern_linker.c 1 Aug 2003 18:50:06 -0000 @@ -43,6 +43,7 @@ #include <sys/namei.h> #include <sys/vnode.h> #include <sys/sysctl.h> +#include <sys/jail.h> #include <vm/vm_zone.h> @@ -727,6 +728,9 @@ linker_file_t lf; int error = 0; + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; + p->p_retval[0] = -1; filename = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); @@ -755,6 +759,9 @@ linker_file_t lf; int error = 0; + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; + if (SCARG(uap, fileid) == 0) { if (TAILQ_FIRST(&linker_files)) p->p_retval[0] = TAILQ_FIRST(&linker_files)->id; @@ -784,6 +791,9 @@ struct kld_file_stat* stat; int namelen; + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; + lf = linker_find_file_by_id(SCARG(uap, fileid)); if (!lf) { error = ENOENT; @@ -828,6 +838,9 @@ linker_file_t lf; int error = 0; + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; + lf = linker_find_file_by_id(SCARG(uap, fileid)); if (lf) { if (TAILQ_FIRST(&lf->modules)) @@ -849,6 +862,9 @@ linker_file_t lf; struct kld_sym_lookup lookup; int error = 0; + + if (!jail_kldread_allowed && p && p->p_prison) + return EPERM; if ((error = copyin(SCARG(uap, data), &lookup, sizeof(lookup))) != 0) goto out; >Release-Note: >Audit-Trail: >Unformatted:
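Review bot: the new jail.kldread_allowed sysctl in the kern_jail.c hunk (@@ -44,6 +44,11 @@) is not documented anywhere in the patch; the neighbouring jail.* knobs (set_hostname_allowed, socket_unixiproute_only, sysvipc_allowed) are described in jail(8), so a matching paragraph should go there, stating the default of 1 and that clearing it makes the read-only kld syscalls fail with EPERM for jailed processes. The SYSCTL_INT is CTLFLAG_RW, which is right as long as it never also gets CTLFLAG_PRISON, otherwise root inside the jail could set it back to 1 and defeat the point; the description string "Processes in jail can query kld system" would be clearer as "Processes in jail can enumerate kernel modules", since that is what the checks in kern_linker.c gate.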
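Review bot: the identical three-line test `if (!jail_kldread_allowed && p && p->p_prison) return EPERM;` is pasted into five syscalls in kern_linker.c (the hunks at @@ -727,6 +728,9 @@, @@ -755,6 +759,9 @@, @@ -784,6 +791,9 @@, @@ -828,6 +838,9 @@ and @@ -849,6 +862,9 @@, which from their context are kldfind, kldnext, kldstat, kldfirstmod and kldsym); factor it into one static helper in kern_linker.c so a future kld syscall cannot forget the check, and drop the `p &&` part, since a syscall is never entered with a NULL proc pointer and the very next lines already dereference p unconditionally (`p->p_retval[0] = -1;` in the first hunk).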
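Review bot: in the kldnext hunk (@@ -755,6 +759,9 @@) returning EPERM for fileid 0 is what makes kldstat(8) print an empty table in the How-To-Repeat rather than an error, which is fine for hiding the list; do note in the man page that a caller checking errno can still tell "denied" (EPERM) from "no modules" (kldnext returning 0), so the existence of the policy is not hidden, only the module ids, addresses and names. The patch leaves kldload(2)/kldunload(2) untouched, which is right only because those already require suser() and so fail from a jail; a sentence saying so in the commit message would save the next reader from re-auditing the write side.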
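A probe to run inside the jail, added here as an example and not part of the PR or of FreeBSD: it calls kldnext(2) directly and classifies the result, so the effect of jail.kldread_allowed can be checked without relying on kldstat(8), which prints an empty table for both "denied" and "no modules". The FreeBSD-only syscalls are compiled only under __FreeBSD__ (assumed: the 4.x behaviour that kldnext(0) returns a positive file id, 0 when there are no linker files, or -1 with errno EPERM once this patch denies the jail); the classify_kldnext/visibility_name helpers and the module dump are this example's own code.

```c
/*
 * Added example (not from the PR or FreeBSD): a probe that reports whether a
 * jailed process can still read the kld namespace.  On FreeBSD it issues
 * kldnext(2)/kldstat(2); elsewhere those syscalls do not exist, so only the
 * result classifier is built.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/linker.h>
#endif

enum kld_visibility { KLD_VISIBLE, KLD_HIDDEN, KLD_UNEXPECTED };

/*
 * Interpret the result of kldnext(0) (assumed 4.x semantics):
 *   rc > 0            -> the jail can enumerate linker files (leak)
 *   rc == -1, EPERM   -> denied, i.e. jail.kldread_allowed=0 is in effect
 *   anything else     -> not what this kernel should do; look closer
 */
enum kld_visibility classify_kldnext(int rc, int err)
{
    if (rc > 0)
        return KLD_VISIBLE;
    if (rc == -1 && err == EPERM)
        return KLD_HIDDEN;
    return KLD_UNEXPECTED;
}

const char *visibility_name(enum kld_visibility v)
{
    switch (v) {
    case KLD_VISIBLE:
        return "visible";
    case KLD_HIDDEN:
        return "hidden (EPERM)";
    default:
        return "unexpected";
    }
}

/* Exit status for scripting: 0 only when the namespace is hidden. */
int probe_exit_status(enum kld_visibility v)
{
    return v == KLD_HIDDEN ? 0 : 1;
}

#ifdef __FreeBSD__
/*
 * Walk the linker file list the way kldstat(8) does and print exactly what a
 * jailed process learns when the knob is left at 1: ids, kernel load
 * addresses and module names.  Returns the number of files listed.
 */
static int dump_modules(void)
{
    int id, n = 0;

    for (id = kldnext(0); id > 0; id = kldnext(id)) {
        struct kld_file_stat st;

        st.version = sizeof(st);        /* kldstat(2) rejects other sizes */
        if (kldstat(id, &st) == -1) {
            printf("kldstat(%d): %s\n", id, strerror(errno));
            continue;
        }
        printf("%2d %p %s\n", st.id, (void *)st.address, st.name);
        n++;
    }
    return n;
}
#endif

int main(void)
{
#ifdef __FreeBSD__
    int rc;
    enum kld_visibility v;

    errno = 0;
    rc = kldnext(0);
    v = classify_kldnext(rc, errno);
    printf("kld namespace: %s\n", visibility_name(v));
    if (v == KLD_VISIBLE)
        printf("%d linker file(s) enumerated from inside the jail\n",
               dump_modules());
    return probe_exit_status(v);
#else
    printf("not FreeBSD: kldnext(2)/kldstat(2) unavailable\n");
    return 2;
#endif
}
```

Run it twice inside the jail, once with jail.kldread_allowed=1 and once with 0; the first run should list the kernel and loaded modules with their addresses, the second should report "hidden (EPERM)" and exit 0.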
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308011902.h71J22ha087369>