Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: Free
Pawel Jakub Dawidek wrote:
> When -J operates on a file inside a jail, it creates the same security
> hole as the one from the security advisory, because it opens a file before
> calling jail(2).
> I fully agree that console.log should be outside a jail. At least no one
> proposed a safe solution so far, which also means it's not an easy fix.
I still suggest using "pwd -P" to get the real path and using the
shell's CWD as a lock. That works safely with mount(8) at least.
Comments?
erdgeist
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
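
The "pwd -P" plus CWD-as-lock idea from the message above, as an added example that is not code from the thread or from FreeBSD's rc scripts. The names `in_jail_dir` and `demo` and all paths are hypothetical, and the directory tree is constructed under a temporary directory.

```shell
#!/bin/sh
# Added example: in_jail_dir and demo are hypothetical names; all paths are
# constructed under a temporary directory.

# in_jail_dir ROOT DIR CMD...
# Enter DIR first, then ask where we really are with "pwd -P". CMD runs only
# if that physical path is ROOT or below it, and it runs with the verified
# directory as its CWD, so later renames or symlink swaps of the path
# components cannot move it elsewhere.
in_jail_dir() {
    root=$1 dir=$2
    shift 2
    (
        real_root=$(cd "$root" && pwd -P) || exit 2
        [ "$real_root" = / ] && real_root=
        cd "$dir" 2>/dev/null || exit 2
        real=$(pwd -P)
        case "$real/" in
            "$real_root"/*) ;;
            *) echo "refusing $dir: resolves to $real" >&2; exit 1 ;;
        esac
        "$@"
    )
}

demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/jail/var/log" "$t/host/etc"
    ln -s ../../host/etc "$t/jail/var/evil"   # directory symlink leaving the jail
    in_jail_dir "$t/jail" "$t/jail/var/log" sh -c ': > console.log'; ok=$?
    in_jail_dir "$t/jail" "$t/jail/var/evil" sh -c ': > console.log'; bad=$?
    echo "inside jail: exit $ok, symlinked outside: exit $bad"
    rm -rf "$t"
}

demo
```

The check covers the directory only: a file name the command opens is still followed if that last component is itself a symlink.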