From nobody@FreeBSD.org  Mon Aug 22 08:27:50 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 910A516A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 22 Aug 2005 08:27:50 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 30A9643D48
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 22 Aug 2005 08:27:50 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j7M8Rlfl021658
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 22 Aug 2005 08:27:47 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j7M8RlfN021657;
	Mon, 22 Aug 2005 08:27:47 GMT
	(envelope-from nobody)
Message-Id: <200508220827.j7M8RlfN021657@www.freebsd.org>
Date: Mon, 22 Aug 2005 08:27:47 GMT
From: Attila Nagy <bra@fsn.hu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Minor information leak in jails - a user can view the host's ARP table
X-Send-Pr-Version: www-2.3

>Number:         85205
>Category:       kern
>Synopsis:       Minor information leak in jails - a user can view the host's ARP table
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 22 08:30:17 GMT 2005
>Closed-Date:    Sat Apr 15 11:50:40 GMT 2006
>Last-Modified:  Sat Apr 15 11:50:40 GMT 2006
>Originator:     Attila Nagy
>Release:        FreeBSD 5.4
>Organization:
FSN
>Environment:
FreeBSD clytaemnestra 5.4-STABLE FreeBSD 5.4-STABLE #3: Thu Aug 11 13:00:47 CEST 2005     root@clytaemnestra:/usr/obj/usr/src/sys/CLYTAEMNESTRA  i386

>Description:
      A user can view the host's ARP table with -for example- arp -an in a jail. This can reveal some IP (and MAC) addresses on the local networks and the frequency of the communication (ARP timeouts). This can be undesirable in some situations.
>How-To-Repeat:
      Jail a user and issue arp -an.
>Fix:
      It would be very good to have an option, similar to security.bsd.unprivileged_read_msgbuf to disable this kind of behaviour.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Sat Apr 15 11:50:16 UTC 2006 
State-Changed-Why:  
Duplicate of kern/68189. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=85205 
>Unformatted:
