From nobody@FreeBSD.org  Tue Jun 22 05:10:06 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 537F916A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 22 Jun 2004 05:10:06 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 36F8B43D2D
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 22 Jun 2004 05:10:06 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.11/8.12.11) with ESMTP id i5M59s8d093431
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 22 Jun 2004 05:09:54 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.11/8.12.11/Submit) id i5M59sl1093430;
	Tue, 22 Jun 2004 05:09:54 GMT
	(envelope-from nobody)
Message-Id: <200406220509.i5M59sl1093430@www.freebsd.org>
Date: Tue, 22 Jun 2004 05:09:54 GMT
From: Mark Delany <sxcg2-fuwxj@qmda.emu.st>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Jail discloses all mounts and all partition sizes
X-Send-Pr-Version: www-2.3

>Number:         68190
>Category:       misc
>Synopsis:       Jail discloses all mounts and all partition sizes
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 22 05:10:21 GMT 2004
>Closed-Date:    Tue Jun 22 07:27:18 GMT 2004
>Last-Modified:  Tue Jun 22 07:27:18 GMT 2004
>Originator:     Mark Delany
>Release:        4.10
>Organization:
>Environment:
>Description:
      A jailed prisoner can see all mounts and all file systems by the mount command and the df command.
>How-To-Repeat:
Create a jail on a particular file system.
>Fix:
      Only display the mount and file system information for the filesystem used by the jail. Better yet, don't allow mount and perhaps have df display just the quota information for that user.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Tue Jun 22 07:25:19 GMT 2004 
State-Changed-Why:  
Use security.jail.getfsstatroot_only sysctl in -CURRENT. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=68190 
>Unformatted:
