HomeFreeBSD

jail: Fix information leak.

Description

jail: Fix information leak.

There is a lack of proper visibility checking in kern.ttys sysctl handler
which leads to information leak about processes outside the current jail.

This can be demonstrated with pstat -t: when called from within a jail,
it will output all terminal devices including process groups and
session leader process IDs:

jail# pstat -t | grep pts/ | head

	      LINE   INQ  CAN  LIN  LOW  OUTQ  USE  LOW   COL  SESS  PGID STATE
	     pts/2  1920    0    0  192  1984    0  199     0  4132 27245 Oi
	     pts/3  1920    0    0  192  1984    0  199    16 24890 33627 Oi
	     pts/5     0    0    0    0     0    0    0    25 17758     0 G
	    pts/16     0    0    0    0     0    0    0     0 52495     0 G
	    pts/15     0    0    0    0     0    0    0    25 53446     0 G
	    pts/17     0    0    0    0     0    0    0  6702 33230     0 G
	    pts/19     0    0    0    0     0    0    0    14  1116     0 G
	     pts/0     0    0    0    0     0    0    0     0  2241     0 G
	    pts/23     0    0    0    0     0    0    0    20 15639     0 G
	     pts/6     0    0    0    0     0    0    0     0 44062 93792 G

jail# pstat -t | grep pts/ | wc -l

	      85

Devfs does the filtering correctly and we get only one entry:

jail# ls /dev/pts/
2

Approved by: mzaborski, secteam
MFC after: 1 week
Sponsored by: Fudo Security

(cherry picked from commit f1d0a0cbecf2c688061f35adea85bfb29c9ec893)

Details

Provenance
pjdAuthored on Jan 17 2024, 5:43 PM
markjCommitted on Feb 12 2024, 4:26 PM
Parents
rGfedb7575a920: man: support special characters in filenames
Branches
Unknown
Tags
Unknown