From nobody@FreeBSD.org Mon Aug 22 08:27:50 2005 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 910A516A41F for ; Mon, 22 Aug 2005 08:27:50 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30A9643D48 for ; Mon, 22 Aug 2005 08:27:50 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j7M8Rlfl021658 for ; Mon, 22 Aug 2005 08:27:47 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.13.1/8.13.1/Submit) id j7M8RlfN021657; Mon, 22 Aug 2005 08:27:47 GMT (envelope-from nobody) Message-Id: <200508220827.j7M8RlfN021657@www.freebsd.org> Date: Mon, 22 Aug 2005 08:27:47 GMT From: Attila Nagy To: freebsd-gnats-submit@FreeBSD.org Subject: Minor information leak in jails - a user can view the host's ARP table X-Send-Pr-Version: www-2.3 >Number: 85205 >Category: kern >Synopsis: Minor information leak in jails - a user can view the host's ARP table >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Aug 22 08:30:17 GMT 2005 >Closed-Date: Sat Apr 15 11:50:40 GMT 2006 >Last-Modified: Sat Apr 15 11:50:40 GMT 2006 >Originator: Attila Nagy >Release: FreeBSD 5.4 >Organization: FSN >Environment: FreeBSD clytaemnestra 5.4-STABLE FreeBSD 5.4-STABLE #3: Thu Aug 11 13:00:47 CEST 2005 root@clytaemnestra:/usr/obj/usr/src/sys/CLYTAEMNESTRA i386 >Description: A user can view the host's ARP table with -for example- arp -an in a jail. This can reveal some IP (and MAC) addresses on the local networks and the frequency of the communication (ARP timeouts). This can be undesirable in some situations. >How-To-Repeat: Jail a user and issue arp -an. >Fix: It would be very good to have an option, similar to security.bsd.unprivileged_read_msgbuf to disable this kind of behaviour. >Release-Note: >Audit-Trail: State-Changed-From-To: open->closed State-Changed-By: maxim State-Changed-When: Sat Apr 15 11:50:16 UTC 2006 State-Changed-Why: Duplicate of kern/68189. http://www.freebsd.org/cgi/query-pr.cgi?pr=85205 >Unformatted: