From clsung@FreeBSD.csie.nctu.edu.tw  Tue Apr 18 01:25:55 2006
Return-Path: <clsung@FreeBSD.csie.nctu.edu.tw>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C42B516A400
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 18 Apr 2006 01:25:55 +0000 (UTC)
	(envelope-from clsung@FreeBSD.csie.nctu.edu.tw)
Received: from FreeBSD.csie.nctu.edu.tw (freebsd.csie.nctu.edu.tw [140.113.17.209])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 695B443D46
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 18 Apr 2006 01:25:55 +0000 (GMT)
	(envelope-from clsung@FreeBSD.csie.nctu.edu.tw)
Received: from localhost (localhost.csie.nctu.edu.tw [127.0.0.1])
	by FreeBSD.csie.nctu.edu.tw (Postfix) with ESMTP id ED3327E941;
	Tue, 18 Apr 2006 09:25:58 +0800 (CST)
Received: from FreeBSD.csie.nctu.edu.tw ([127.0.0.1])
	by localhost (FreeBSD.csie.nctu.edu.tw [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id HJBWaUa++LZs; Tue, 18 Apr 2006 09:25:58 +0800 (CST)
Received: by FreeBSD.csie.nctu.edu.tw (Postfix, from userid 1038)
	id 829047E962; Tue, 18 Apr 2006 09:25:58 +0800 (CST)
Message-Id: <20060418012558.829047E962@FreeBSD.csie.nctu.edu.tw>
Date: Tue, 18 Apr 2006 09:25:58 +0800 (CST)
From: Cheng-Lung Sung <clsung@freebsd.org>
Reply-To: Cheng-Lung Sung <clsung@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: clsung@gmail.com
Subject:
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         95977
>Category:       kern
>Synopsis:       [jail] [patch] security.jail.jailed can be too easily shown from in jail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 18 01:30:22 GMT 2006
>Closed-Date:    Thu May 04 06:18:27 GMT 2006
>Last-Modified:  Thu May 04 06:18:27 GMT 2006
>Originator:     Cheng-Lung Sung
>Release:        FreeBSD 6.1-PRERELEASE i386
>Organization:
FreeBSD @ Taiwan
>Environment:
System: FreeBSD FreeBSD.csie.nctu.edu.tw 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #7: Thu Apr 13 03:20:20 CST 2006 root@FreeBSD.csie.nctu.edu.tw:/home/usr.obj/usr/src/sys/FREEBSD i386

>Description:
	security.jail.jailed can be too easily shown from in jail,
	since it gives *someone* chances to know if he is in jail or not.
	I think better only show jailed when the administrator decide
	to insecure his machines (i.e. securelevel <=0)
>How-To-Repeat:
	sysctl -a | grep security.jail.jailed
	jexec <jid> sysctl -a |grep security.jail.jailed
>Fix:

--- sys/kern/kern_jail.c.orig	Mon Apr 17 22:53:48 2006
+++ sys/kern/kern_jail.c	Tue Apr 18 09:21:48 2006
@@ -575,7 +575,12 @@
 {
 	int error, injail;
 
-	injail = jailed(req->td->td_ucred);
+	/* secured (i.e. level 1, 2, 3...) system 
+	 * do not display if jailed */
+	if (securelevel_gt(req->td->td_ucred, 0) != 0)
+		injail = 0;
+	else
+		injail = jailed(req->td->td_ucred);
 	error = SYSCTL_OUT(req, &injail, sizeof(injail));
 
 	return (error);
>Release-Note:
>Audit-Trail:

From: Maxim Konovalov <maxim@macomnet.ru>
To: Cheng-Lung Sung <clsung@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: kern/95977
Date: Thu, 4 May 2006 00:10:26 +0400 (MSD)

 Hello,
 
 You can't hide a lot with this patch.  ps ax | grep J or proc->p_flag
 & P_JAILED tests inside a jail expose the same information.
 
 -- 
 Maxim Konovalov

From: Cheng-Lung Sung <clsung@FreeBSD.org>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: Cheng-Lung Sung <clsung@freebsd.org>, bug-followup@freebsd.org
Subject: Re: kern/95977
Date: Thu, 4 May 2006 07:04:14 +0800

 --J2SCkAp4GZ/dPZZf
 Content-Type: text/plain; charset=big5
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 Hi,
 
     I knew that. So is that reasonable to let users easily find
     themselves jailed or not?
 
     If yes, please just close this pr.
     If no, I think we can discuss more -security@.
 
 Thanks,
 
 On Thu, May 04, 2006 at 12:10:26AM +0400, Maxim Konovalov wrote:
 > Hello,
 >=20
 > You can't hide a lot with this patch.  ps ax | grep J or proc->p_flag
 > & P_JAILED tests inside a jail expose the same information.
 >=20
 > --=20
 > Maxim Konovalov
 
 --=20
 Cheng-Lung Sung - clsung@
 
 --J2SCkAp4GZ/dPZZf
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.3 (FreeBSD)
 
 iD8DBQFEWTbu+AeJ85Vui8ERAn5UAJ4zzO0TZ+Rg9aFLsyDXqKalR4LXRgCfUgpK
 ayLr0tomUhuAbR69eHMs0Fw=
 =G3S2
 -----END PGP SIGNATURE-----
 
 --J2SCkAp4GZ/dPZZf--

From: Maxim Konovalov <maxim@macomnet.ru>
To: Cheng-Lung Sung <clsung@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: kern/95977
Date: Thu, 4 May 2006 09:37:47 +0400 (MSD)

 [...]
 >  Hi,
 >
 >      I knew that. So is that reasonable to let users easily find
 >      themselves jailed or not?
 
 I think yes, by design.  You see, there are no reasons to hide the
 sysctl invented exactly for that and in the same time leave several
 other methods to guess about jail.
 
 Moreover, security.jail.jailed is already used by at least one startup
 script and allows to re-use the same code for the system and jail
 startup.
 
 -- 
 Maxim Konovalov

From: Cheng-Lung Sung <clsung@FreeBSD.org>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: Cheng-Lung Sung <clsung@freebsd.org>, bug-followup@freebsd.org
Subject: Re: kern/95977
Date: Thu, 4 May 2006 13:42:31 +0800

 --bg08WKrSYDhXBjb5
 Content-Type: text/plain; charset=big5
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 
 Thus please close this pr.
 
 On Thu, May 04, 2006 at 09:37:47AM +0400, Maxim Konovalov wrote:
 > [...]
 > >  Hi,
 > >
 > >      I knew that. So is that reasonable to let users easily find
 > >      themselves jailed or not?
 >=20
 > I think yes, by design.  You see, there are no reasons to hide the
 > sysctl invented exactly for that and in the same time leave several
 > other methods to guess about jail.
 >=20
 > Moreover, security.jail.jailed is already used by at least one startup
 > script and allows to re-use the same code for the system and jail
 > startup.
 >=20
 > --=20
 > Maxim Konovalov
 
 --=20
 Cheng-Lung Sung - clsung@
 
 --bg08WKrSYDhXBjb5
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.3 (FreeBSD)
 
 iD8DBQFEWZRH+AeJ85Vui8ERAiuzAKCAYKZq34xrmhsqHUz6kZOGgeicWQCfXwQ2
 kCIISOsdVgCgAl8/FBx7ec0=
 =7YTI
 -----END PGP SIGNATURE-----
 
 --bg08WKrSYDhXBjb5--
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Thu May 4 05:54:00 UTC 2006 
State-Changed-Why:  
There are several methods to get know about jailed environment 
and no much sense to hide a one of them.   There is no easy way 
to hide the information about jail from the prisoners. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=95977 
>Unformatted:
