jail: Fix information leak.
There is a lack of proper visibility checking in kern.ttys sysctl handler
which leads to information leak about processes outside the current jail.
This can be demonstrated with pstat -t: when called from within a jail,
it will output all terminal devices including process groups and
session leader process IDs:
jail# pstat -t | grep pts/ | head
LINE INQ CAN LIN LOW OUTQ USE LOW COL SESS PGID STATE pts/2 1920 0 0 192 1984 0 199 0 4132 27245 Oi pts/3 1920 0 0 192 1984 0 199 16 24890 33627 Oi pts/5 0 0 0 0 0 0 0 25 17758 0 G pts/16 0 0 0 0 0 0 0 0 52495 0 G pts/15 0 0 0 0 0 0 0 25 53446 0 G pts/17 0 0 0 0 0 0 0 6702 33230 0 G pts/19 0 0 0 0 0 0 0 14 1116 0 G pts/0 0 0 0 0 0 0 0 0 2241 0 G pts/23 0 0 0 0 0 0 0 20 15639 0 G pts/6 0 0 0 0 0 0 0 0 44062 93792 G
jail# pstat -t | grep pts/ | wc -l
85
Devfs does the filtering correctly and we get only one entry:
jail# ls /dev/pts/
2
Approved by: mzaborski, secteam
MFC after: 1 week
Sponsored by: Fudo Security