Date: Wed, 8 Feb 2012 22:17:39 -0500 From: Nathaniel W Filardo <nwf@cs.jhu.edu> To: pgollucci@freebsd.org Cc: nwf@cs.jhu.edu, apache@freebsd.org Subject: Re: ports/144010: devel/apr1 tries to use SYSVIPC even in jails Message-ID: <20120209031739.GE2226@gradx.cs.jhu.edu> In-Reply-To: <201202090259.q192x8Ir051130@freefall.freebsd.org> References: <201202090259.q192x8Ir051130@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--AH+kv8CCoFf6qPuz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 09, 2012 at 02:59:08AM +0000, pgollucci@freebsd.org wrote: > Synopsis: devel/apr1 tries to use SYSVIPC even in jails >=20 > State-Changed-From-To: open->closed > State-Changed-By: pgollucci > State-Changed-When: Thu Feb 9 02:59:08 UTC 2012 > State-Changed-Why:=20 > sysctl security.jail.sysvipc_allowed=3D1 before you build it in a jail if > you need this >=20 > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D144010 IMHO it would be better if APR were told to use a different IPC mechanism if it were jailed. sysvipc_allowed has dramatically negative security implications that the other IPC mechanisms it can use do not, AIUI. Thanks. --nwf; --AH+kv8CCoFf6qPuz Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk8zOtMACgkQTeQabvr9Tc/C0gCeI35tatmoJPI91FwSyIPYTYf+ rU8An10B60ip8toThaWUVThVPStFcZrV =YOYG -----END PGP SIGNATURE----- --AH+kv8CCoFf6qPuz--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120209031739.GE2226>