Bug 272092 - The 'see_jail_proc' security policy still allows signaling and debugging sub-jails' processes
Summary: The 'see_jail_proc' security policy still allows signaling and debugging sub-...
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Olivier Certner
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-20 12:38 UTC by Olivier Certner
Modified: 2024-01-05 15:47 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Olivier Certner freebsd_committer freebsd_triage 2023-06-20 12:38:52 UTC 
More details and fix to be referenced after the bug creation.
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-09-28 15:11:20 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5817169bc4a06a35aa5ef7f5ed18f6cb35037e18

commit 5817169bc4a06a35aa5ef7f5ed18f6cb35037e18
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:38 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-09-28 14:59:08 +0000

    Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()

    As implemented, this security policy would only prevent seeing processes
    in sub-jails, but would not prevent sending signals to, changing
    priority of or debugging processes in these, enabling attacks where
    unprivileged users could tamper with random processes in sub-jails in
    particular circumstances (conflated UIDs) despite the policy being
    enforced.

    PR:                     272092
    Reviewed by:            mhorne
    MFC after:              2 weeks
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40628

 sys/kern/kern_prot.c  | 25 +++++++------------------
 sys/netinet/in_prot.c |  4 +---
 2 files changed, 8 insertions(+), 21 deletions(-)
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-10-17 19:44:07 UTC 
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e1153205a719c6cb792cb2213a3737ee6b53d59c

commit e1153205a719c6cb792cb2213a3737ee6b53d59c
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:38 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-10-17 19:42:58 +0000

    Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()

    As implemented, this security policy would only prevent seeing processes
    in sub-jails, but would not prevent sending signals to, changing
    priority of or debugging processes in these, enabling attacks where
    unprivileged users could tamper with random processes in sub-jails in
    particular circumstances (conflated UIDs) despite the policy being
    enforced.

    PR:                     272092
    Reviewed by:            mhorne
    MFC after:              2 weeks
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40628

    (cherry picked from commit 5817169bc4a06a35aa5ef7f5ed18f6cb35037e18)

 sys/kern/kern_prot.c  | 25 +++++++------------------
 sys/netinet/in_prot.c |  4 +---
 2 files changed, 8 insertions(+), 21 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-10-18 18:05:03 UTC 
A commit in branch releng/14.0 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7e21c691f295b3babc8c57c0aeafa19faf1371b6

commit 7e21c691f295b3babc8c57c0aeafa19faf1371b6
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:38 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-10-18 17:59:51 +0000

    Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()

    As implemented, this security policy would only prevent seeing processes
    in sub-jails, but would not prevent sending signals to, changing
    priority of or debugging processes in these, enabling attacks where
    unprivileged users could tamper with random processes in sub-jails in
    particular circumstances (conflated UIDs) despite the policy being
    enforced.

    Approved by:            re (gjb)
    PR:                     272092
    Reviewed by:            mhorne
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40628

    (cherry picked from commit 5817169bc4a06a35aa5ef7f5ed18f6cb35037e18)
    (cherry picked from commit abfcae344feb89c635616769d12150f84c96c003)

 sys/kern/kern_prot.c  | 25 +++++++------------------
 sys/netinet/in_prot.c |  4 +---
 2 files changed, 8 insertions(+), 21 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-12-21 13:45:08 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=9a4a7e5fb6e901e81c8e64a988358ad4b59464a5

commit 9a4a7e5fb6e901e81c8e64a988358ad4b59464a5
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:38 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2023-12-21 13:36:17 +0000

    Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()

    As implemented, this security policy would only prevent seeing processes
    in sub-jails, but would not prevent sending signals to, changing
    priority of or debugging processes in these, enabling attacks where
    unprivileged users could tamper with random processes in sub-jails in
    particular circumstances (conflated UIDs) despite the policy being
    enforced.

    PR:                     272092
    Reviewed by:            mhorne
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40628

    (cherry picked from commit 5817169bc4a06a35aa5ef7f5ed18f6cb35037e18)

    Approved by:    markj (mentor)

 sys/kern/kern_prot.c  | 25 +++++++------------------
 sys/netinet/in_prot.c |  4 +---
 2 files changed, 8 insertions(+), 21 deletions(-)
Comment 5 Olivier Certner freebsd_committer freebsd_triage 2024-01-05 15:47:43 UTC 
Assign to resolver (me).