Re: Improving FreeBSD-SA-07:01.jail fix

Board: FB_security, posted 2007/01/21 01:09
On 2007.01.20 17:52:32 +0100, Stefan Bethke wrote:
> On 20.01.2007 at 13:24, Simon L. Nielsen wrote:
>
> >BTW. with regard to the console.log file I really don't think it
> >should be put back inside the jail unless it's possible to make the
> >generation of the file entirely inside the jail since it's just not
> >worth the risk/complexity.
>
> I'm probably missing something, but why not replace:
>     _jail_id=$(head -1 ${_tmp_jail})
>     tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
> with:
>     _jail_id=$(head -1 ${_tmp_jail})
>     tail +2 ${_tmp_jail} | jexec ${_jail_id} sh -c "cat >/var/log/console.log"

I thought of, and actually implemented, a similar solution when I
worked on the problem but there are two problems:

- You cannot be sure cat exists inside the jail.
- The jail could already have exited again in which case jexec will
  fail.

-- 
Simon L. Nielsen
Article code (AID): #15iapU00 (FB_security)