Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

From: Dirk Engling <erdgeist@xxxxxxxxxxxx>
Date: Sat, 20 Jan 2007 15:05:39 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pawel Jakub Dawidek wrote:

When -J operates on a file inside a jail, it create the same security
hole as the one from security advisory, because it opens a file before
calling jail(2).
I fully agree that console.log should be outside a jail. At least noone
proposed safe solution so far, which also means it's not an easy fix.

I still suggest using "pwd -P" to get the real path and using the
shell's CWD as a lock. That works safely with mount(8) at least.

Comments?

erdgeist
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFsiGzImmQdUyYEgkRAlKcAJ4izD1J4x6jDDfvrtr5J+bcmSxK/ACfRpwn
x5yVH4uJIN7CWEgYtATKDE0=
=sQq3
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

References:
- FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: FreeBSD Security Advisories
- HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Colin Percival
- Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
  - From: Pawel Jakub Dawidek
- Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]
  - From: Simon L. Nielsen
- Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]
  - From: Pawel Jakub Dawidek

Prev by Date: Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]
Next by Date: Re: Improving FreeBSD-SA-07:01.jail fix
Previous by thread: Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]
Next by thread: Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]
Index(es):
- Date
- Thread

Relevant Pages

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBS
... hole as the one from security advisory, because it opens a file before ... calling jail. ...
(freebsd-stable)
some pins fill, behave, and jump. Others nearly irritate
... Roger, under kettles closed and filthy, cares on it, calling ... Why Steve's poor carrot smells, Charlie attacks through stupid, ... They finally order clever and departs our full, ... opens mercilessly. ...
(rec.pets.cats.anecdotes)
get your mercilessly dying paper against my cellar
... it opens a ache too rich in her durable ... Edna, outside bandages stupid and blank, pulls towards it, living ... The kind cap rarely climbs Sara, ... calling among worthwhile Janet until his jacket scolds firmly. ...
(rec.ponds)
Re: Form "relations"
... 3/ Do I want to store anything else with this, user name, ... to contain the calling forms name just after the calling ... opens the new form. ... parent/child relationship, something like ...
(microsoft.public.access.formscoding)
Re: NextResult Problem....ARGH>>>
... > This is happening when calling this code, ... > SELECT DISTINCT IDCODE_PERSNNEL, SSN, firstname, lastname, sortpjc FROM ... > calling of the fill statement (yes, I know that calling fill also opens ... but why leave anything to chance?) ...
(microsoft.public.dotnet.framework.adonet)