DragonFlyBSD Kernel Audit
← dashboard
DF-0120

Unprivileged read of all kernel env variables (boot/loader secrets)

Summary

KENV_GET(:135-149) and sysctl_kenv_boot(:472-501) expose all boot loader env vars to any local user. No caps_priv_check on read paths. Secrets in loader.conf (passwords, keys) disclosed. Documented BSD behavior but defense-in-depth gap.