Date: Mon, 22 Aug 2005 08:27:47 GMT From: Attila Nagy <bra@fsn.hu> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/85205: Minor information leak in jails - a user can view the host's ARP table Message-ID: <200508220827.j7M8RlfN021657@www.freebsd.org> Resent-Message-ID: <200508220830.j7M8UIVP015605@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 85205 >Category: kern >Synopsis: Minor information leak in jails - a user can view the host's ARP table >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Aug 22 08:30:17 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Attila Nagy >Release: FreeBSD 5.4 >Organization: FSN >Environment: FreeBSD clytaemnestra 5.4-STABLE FreeBSD 5.4-STABLE #3: Thu Aug 11 13:00:47 CEST 2005 root@clytaemnestra:/usr/obj/usr/src/sys/CLYTAEMNESTRA i386 >Description: A user can view the host's ARP table with -for example- arp -an in a jail. This can reveal some IP (and MAC) addresses on the local networks and the frequency of the communication (ARP timeouts). This can be undesirable in some situations. >How-To-Repeat: Jail a user and issue arp -an. >Fix: It would be very good to have an option, similar to security.bsd.unprivileged_read_msgbuf to disable this kind of behaviour. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508220827.j7M8RlfN021657>