diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-07-28 16:03:53 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-07-28 16:03:53 +0000 |
| commit | 9bfbf98f8a8fcc1607b07e0109f31468a6e9fef3 (patch) | |
| tree | 711edcac151fb045a3072eca68084bb8e556d3e1 /usr.sbin/acpi/acpiconf/acpiconf.8 | |
| parent | 0f7d88f2558efa06dafaf75e485e06ab56d80c46 (diff) | |
| download | FreeBSD-src-9bfbf98f8a8fcc1607b07e0109f31468a6e9fef3.zip FreeBSD-src-9bfbf98f8a8fcc1607b07e0109f31468a6e9fef3.tar.gz | |
When exporting file descriptor data for threads invoking the
kern.file sysctl, don't return information about processes that
fail p_cansee(td, p). This prevents sockstat and related
programs from seeing file descriptors owned by processes not
in the same jail as the thread, as well as having implications
for MAC, etc.
This is a partial solution: it permits an information leak about
the number of descriptors in the sizing calculation (but this is
not new information, you can also get it from kern.openfiles),
and doesn't attempt to mask file descriptors based on the
properties of the descriptor, only the process referencing it.
However, it provides most of what you want under most
circumstances, without complicating the locking.
PR: 54211
Based on a patch submitted by: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Diffstat (limited to 'usr.sbin/acpi/acpiconf/acpiconf.8')
0 files changed, 0 insertions, 0 deletions
