DragonFlyBSD Kernel Audit
← dashboard
DF-0136

Jail isolation breach: varsym_list(VARSYM_SYS) leaks host varsyms to jailed processes

Summary

sys_varsym_list(:263-265) sets vss=&varsymset_sys for VARSYM_SYS with no jail check. Compare sys_varsym_set(:153-155) redirects VARSYM_SYS->VARSYM_PRISON for jailed. varsymfind(:400-408) also jail-scoped. varsym_list is ONLY path where jailed process reaches global varsymset_sys. Info leak host->jail.