From 905becc991e66112ea89a173388006360e46bf73 Mon Sep 17 00:00:00 2001 From: Liav A Date: Fri, 2 Dec 2022 11:37:46 +0200 Subject: [PATCH] Base: Add a note about Jails open access in the Mitigations(7) document --- Base/usr/share/man/man7/Mitigations.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md index 19200d764b..c2f0f33057 100644 --- a/Base/usr/share/man/man7/Mitigations.md +++ b/Base/usr/share/man/man7/Mitigations.md @@ -103,6 +103,8 @@ Special restrictions on filesystem also apply: - Read accesses is forbidden by default to all nodes in `/sys/kernel` directory, except for: `df`, `interrupts`, `keymap`, `memstat`, `processes`, `stats` and `uptime`. - Write access is forbidden to kernel variables (which are located in `/sys/kernel/variables`). +- Open access is forbidden to all device nodes except for `/dev/full`, `/dev/null`, `/dev/zero`, `/dev/random` and various + other TTY/PTY devices (not including Kernel virtual consoles). It was first added in the following [commit](https://github.com/SerenityOS/serenity/commit/5e062414c11df31ed595c363990005eef00fa263), for kernel support, and the following commits added basic userspace utilities:
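Review bot: In the added bullet, "various other TTY/PTY devices" leaves the allow-list open-ended, so a reader of Mitigations(7) cannot tell which device nodes a jailed process may actually open. Suggest naming the permitted TTY/PTY nodes or their path patterns explicitly, the same way the `/sys/kernel` bullet above enumerates `df`, `interrupts`, `keymap` and the rest. The word "other" also reads as if `/dev/full`, `/dev/null`, `/dev/zero` and `/dev/random` were themselves TTY/PTY devices; wording such as "as well as TTY/PTY devices (not including kernel virtual consoles)" avoids that, with "kernel" lowercased to match the neighbouring bullets.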