Re: Improving FreeBSD-SA-07:01.jail fix

---

• From: "Simon L. Nielsen" <simon@xxxxxxxxxxx>
• Date: Sat, 20 Jan 2007 18:01:59 +0100

---

On 2007.01.20 17:52:32 +0100, Stefan Bethke wrote:

Am 20.01.2007 um 13:24 schrieb Simon L. Nielsen:

BTW. with regard to the console.log file I really don't think it
should be put back inside the jail unless it's possible to make the
generation of the file entirely inside the jail since it's just not
worth the risk/complexity.

I'm probably missing something, but why not replace:
_jail_id=$(head -1 ${_tmp_jail})
tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
with:
_jail_id=$(head -1 ${_tmp_jail})
tail +2 ${_tmp_jail} | jexec ${_jail_id} sh -c "cat >/var/log/
console.log"

I thought of, and actually implemented, a similar solution when I
worked on the problem but there are two problems:

- You cannot be sure cat exists inside the jail.
- The jail could already have exited again in which case jexec will
fail.

--
Simon L. Nielsen
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

---

• References:
  • FreeBSD Security Advisory FreeBSD-SA-07:01.jail
    • From: FreeBSD Security Advisories
  • HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
    • From: Colin Percival
  • Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
    • From: Pawel Jakub Dawidek
  • Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]
    • From: Simon L. Nielsen
  • Re: Improving FreeBSD-SA-07:01.jail fix
    • From: Stefan Bethke

• Prev by Date: Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]
• Next by Date: Re: Improving FreeBSD-SA-07:01.jail fix
• Previous by thread: Re: Improving FreeBSD-SA-07:01.jail fix
• Next by thread: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
• Index(es):
  • Date
  • Thread

---

Relevant Pages Hakim Saad Atef will confer Endora ... commerce, whilst Abdul reluctantly multiplys them too. ... faithful succession. ... answering belt worth my lap. ... jail now, won't offer jails later. ... (sci.crypt) Re: Digital Media Equipment Self-Encryption (DMESE) ... Otherwise the merit in Yosri's jail might bring some political ... Alvin and Abbas conceived the profound landscapes ... till think worth. ... It will physically note but forward developed ... (sci.crypt) Re: Tape flashbacks ... pay people to serve jail sentences for you. ... It transmutes one kind of punishment into another. ... professional jailbird will demand down to as much as jail is worth to ... (alt.sysadmin.recovery) Re: Improving FreeBSD-SA-07:01.jail fix ... should be put back inside the jail unless it's possible to make the ... worth the risk/complexity. ... fail. ... Simon L. Nielsen ... (freebsd-stable) Re: Kathy Ireland Freedoms Godmother! ... Mrs. Nonny is worth a ... Don't weep, she is out of jail and has not ... (rec.travel.cruises)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2007-01