DragonFlyBSD Kernel Audit
← dashboard
DF-0190

logopen performs no jail check beyond devfs file mode

Summary

logopen trusts devfs 0600 mode only. No prison_priv_check. If /dev/klog exposed to jail via devfs rules, jailed root reads host kernel messages. Default devfs does not expose. Defense-in-depth.