On 09/07/13 01:03, Slawa Olhovchenkov wrote:
> On Sat, Sep 07, 2013 at 12:06:32AM -0700, Colin Percival wrote:
>
>> On 09/07/13 00:03, Gleb Smirnoff wrote:
>>> Does that mean that we always have had ability for a jail-root to
>>> investigate kernel memory?
>>
>> Only if you're crazy enough to have
On Sat, Sep 07, 2013 at 12:06:32AM -0700, Colin Percival wrote:
> On 09/07/13 00:03, Gleb Smirnoff wrote:
> > Does that mean that we always have had ability for a jail-root to
> > investigate kernel memory?
>
> Only if you're crazy enough to have a /dev/kmem inside your jail.
Have we ability to
On 09/07/13 00:03, Gleb Smirnoff wrote:
> Does that mean that we always have had ability for a jail-root to
> investigate kernel memory?
Only if you're crazy enough to have a /dev/kmem inside your jail.
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap |
Jamie,
On Fri, Sep 06, 2013 at 12:59:06PM -0600, Jamie Gritton wrote:
J> > J> +
J> > J> + /*
J> > J> +* As in the non-jail case, non-root users are expected
to be
J> > J> +* able to read kernel/phyiscal memory (provided
/dev/[k]mem
J> > J> +
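Review bot: the comment added in this hunk misspells "physical" as "phyiscal" in "kernel/phyiscal memory"; correct the spelling so the text is greppable alongside the other kmem comments. The rest of the parenthetical starting "(provided /dev/[k]mem" is not visible in the quoted lines, so the condition it states cannot be reviewed from this excerpt.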
On Fri, Sep 06, 2013 at 05:32:29PM +, Jamie Gritton wrote:
J> Author: jamie
J> Date: Fri Sep 6 17:32:29 2013
J> New Revision: 255316
J> URL: http://svnweb.freebsd.org/changeset/base/255316
J>
J> Log:
J> Keep PRIV_KMEM_READ permitted inside jails as it is on the outside.
J>
J> Modified:
J>
Author: jamie
Date: Fri Sep 6 17:32:29 2013
New Revision: 255316
URL: http://svnweb.freebsd.org/changeset/base/255316
Log:
Keep PRIV_KMEM_READ permitted inside jails as it is on the outside.
Modified:
head/sys/kern/kern_jail.c
Modified: head/sys/kern/kern_jail.c
On 09/06/13 12:18, Gleb Smirnoff wrote:
> On Fri, Sep 06, 2013 at 05:32:29PM +, Jamie Gritton wrote:
> J> Author: jamie
> J> Date: Fri Sep 6 17:32:29 2013
> J> New Revision: 255316
> J> URL: http://svnweb.freebsd.org/changeset/base/255316
> J>
> J> Log:
> J> Keep PRIV_KMEM_READ permitted in