Jamie,

On Fri, Sep 06, 2013 at 12:59:06PM -0600, Jamie Gritton wrote:
J> > J> +
J> > J> +               /*
J> > J> +                * As in the non-jail case, non-root users are expected 
to be
J> > J> +                * able to read kernel/phyiscal memory (provided 
/dev/[k]mem
J> > J> +                * exists in the jail and they have permission to 
access it).
J> > J> +                */
J> > J> +       case PRIV_KMEM_READ:
J> > J>                 return (0);
J> > J>  
J> > J>                 /*
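
Review bot: The comment above `case PRIV_KMEM_READ:` speaks only of non-root users, but the case falls through to an unconditional `return (0);`, so nothing in these lines distinguishes root in the jail from any other caller. The only control the comment names is whether /dev/[k]mem exists in the jail and what its permissions are. Suggest the comment state explicitly that root inside the jail is covered as well, and that keeping these device nodes out of the jail is what is relied on to prevent kernel memory reads. The spelling "phyiscal" in the comment should also be fixed.
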
J> > 
J> > Was that discussed anywhere or reviewed by anyone?
J> 
J> Yes, it was brought up by jase@ in src-committers last week, noting that
J> my original PRIV_KMEM_* commit (r252841) broke existing jail behavior.
J> The entire "discussion" was the mention of the problem and my mention of
J> what it would take to fix it. There was no code review as such, but that
J> seemed appropriate for an obvious one-liner.

I'm sorry then.

Does that mean that we have always had the ability for a jail-root to
investigate kernel memory?

-- 
Totus tuus, Glebius.