Page MenuHomeFreeBSD

Make kern.hostname and friends readable in capability mode
ClosedPublic

Authored by allanjude on Sep 23 2016, 2:36 PM.
Tags
None
Referenced Files
F106125809: D8015.diff
Wed, Dec 25, 7:58 PM
Unknown Object (File)
Thu, Nov 28, 4:18 PM
Unknown Object (File)
Nov 10 2024, 11:24 AM
Unknown Object (File)
Oct 17 2024, 5:00 PM
Unknown Object (File)
Oct 2 2024, 5:02 AM
Unknown Object (File)
Sep 23 2024, 12:49 AM
Unknown Object (File)
Sep 19 2024, 6:30 PM
Unknown Object (File)
Sep 19 2024, 5:19 AM
Subscribers

Diff Detail

Event Timeline

allanjude retitled this revision from to Make kern.hostname and friends readable in capability mode.
allanjude updated this object.
allanjude edited the test plan for this revision. (Show Details)
allanjude added reviewers: capsicum, cem, emaste, oshogbo, ed, bapt.

Related: D8000 :-)

rwatson's okay with kern.hostname. I don't know what the others are for so I wasn't sure enabling them was okay.

jonathan added a reviewer: jonathan.
jonathan added a subscriber: jonathan.

I think that these are all fine to make readable, for the same reason that the hostname is ok: allowing information to "leak" in a way that enables more software to use Capsicum sandboxing is a net win. If we wanted to obscure the host UUID then we should also be hiding anything that could be used to identify the machine, which seems distinctly unhelpful in our overall goal of World Domination (tm).

This revision is now accepted and ready to land.Sep 26 2016, 5:21 PM
cem edited edge metadata.

In that case, go ahead and commit this instead of my D8000, @allanjude .

This revision was automatically updated to reflect the committed changes.