https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272092
--- Comment #2 from commit-h...@freebsd.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=e1153205a719c6cb792cb2213a3737ee6b53d59c commit e1153205a719c6cb792cb2213a3737ee6b53d59c Author: Olivier Certner <olce.free...@certner.fr> AuthorDate: 2023-08-17 23:54:38 +0000 Commit: Mitchell Horne <mho...@freebsd.org> CommitDate: 2023-10-17 19:42:58 +0000 Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible() As implemented, this security policy would only prevent seeing processes in sub-jails, but would not prevent sending signals to, changing priority of or debugging processes in these, enabling attacks where unprivileged users could tamper with random processes in sub-jails in particular circumstances (conflated UIDs) despite the policy being enforced. PR: 272092 Reviewed by: mhorne MFC after: 2 weeks Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40628 (cherry picked from commit 5817169bc4a06a35aa5ef7f5ed18f6cb35037e18) sys/kern/kern_prot.c | 25 +++++++------------------ sys/netinet/in_prot.c | 4 +--- 2 files changed, 8 insertions(+), 21 deletions(-) -- You are receiving this mail because: You are the assignee for the bug.
