Date: Mon, 22 Aug 2005 08:27:47 GMT From: Attila Nagy <bra@fsn.hu> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/85205: Minor information leak in jails - a user can view the host's ARP table Message-ID: <200508220827.j7M8RlfN021657@www.freebsd.org> Resent-Message-ID: <200508220830.j7M8UIVP015605@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 85205
>Category: kern
>Synopsis: Minor information leak in jails - a user can view the host's ARP table
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 22 08:30:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Attila Nagy
>Release: FreeBSD 5.4
>Organization:
FSN
>Environment:
FreeBSD clytaemnestra 5.4-STABLE FreeBSD 5.4-STABLE #3: Thu Aug 11 13:00:47 CEST 2005 root@clytaemnestra:/usr/obj/usr/src/sys/CLYTAEMNESTRA i386
>Description:
A user can view the host's ARP table with -for example- arp -an in a jail. This can reveal some IP (and MAC) addresses on the local networks and the frequency of the communication (ARP timeouts). This can be undesirable in some situations.
>How-To-Repeat:
Jail a user and issue arp -an.
>Fix:
It would be very good to have an option, similar to security.bsd.unprivileged_read_msgbuf to disable this kind of behaviour.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508220827.j7M8RlfN021657>