Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: Free
--vni90+aGYgRvsTuO
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sat, Jan 20, 2007 at 01:24:33PM +0100, Simon L. Nielsen wrote:
[...]
> BTW. with regard to the console.log file I really don't think it
> should be put back inside the jail unless it's possible to make the
> generation of the file entirely inside the jail since it's just not
> worth the risk/complexity. I think it should be possible to do this
> with jail(8) in -CURRENT (see -J flag), but:
When -J operates on a file inside a jail, it create the same security
hole as the one from security advisory, because it opens a file before
calling jail(2).
I fully agree that console.log should be outside a jail. At least noone
proposed safe solution so far, which also means it's not an easy fix.
--=20
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
--vni90+aGYgRvsTuO
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
iD8DBQFFshMMForvXbEpPzQRApA1AKDiMTyIcxDIvDZ4cmeKA4iGMlqdigCgu3QU
pykGKIYasuv/tQgcOY1+hl4=
=YXAz
-----END PGP SIGNATURE-----
--vni90+aGYgRvsTuO--
討論串 (同標題文章)
完整討論串 (本文為第 2 之 7 篇):