From owner-freebsd-security@FreeBSD.ORG Mon Jul 23 05:28:54 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F4D816A418 for ; Mon, 23 Jul 2007 05:28:54 +0000 (UTC) (envelope-from tmclaugh@sdf.lonestar.org) Received: from straycat.dhs.org (c-24-63-86-11.hsd1.ma.comcast.net [24.63.86.11]) by mx1.freebsd.org (Postfix) with ESMTP id E4FB013C46B for ; Mon, 23 Jul 2007 05:28:53 +0000 (UTC) (envelope-from tmclaugh@sdf.lonestar.org) Received: from [192.168.1.127] (bofh.straycat.dhs.org [192.168.1.127]) by straycat.dhs.org (8.13.8/8.13.8) with ESMTP id l6N56mJn008308 for ; Mon, 23 Jul 2007 01:06:48 -0400 (EDT) From: Tom McLaughlin To: freebsd-security@freebsd.org Content-Type: text/plain Date: Mon, 23 Jul 2007 01:06:47 -0400 Message-Id: <1185167207.99537.22.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.10.2 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Subject: sudo + pam_lastlog causes user to appear logged out in logs. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jul 2007 05:28:54 -0000 Hi, this was originally reported on ports@. [1] Someone noticed that after after running sudo their session disappeared when running `w` afterwards. I've done a little experimenting and this is caused when pam_lastlog.so is included in sudo's pam file. This results in the user still being logged in though according to the system logs the user has logged out. Here's an example: [tom@releng-7-fbsd tom]$ w 12:50AM up 6 days, 12:30, 2 users, load averages: 0.24, 0.31, 0.30 USER TTY FROM LOGIN@ IDLE WHAT tom p0 bofh 12:50AM - w [tom@releng-7-fbsd tom]$ last tom ttyp0 bofh Mon Jul 23 00:50 still logged in ... [tom@releng-7-fbsd tom]$ sudo kill ... [tom@releng-7-fbsd tom]$ w 12:53AM up 6 days, 12:34, 1 user, load averages: 0.17, 0.22, 0.25 USER TTY FROM LOGIN@ IDLE WHAT [tom@releng-7-fbsd tom]$ last root ttyp0 Mon Jul 23 00:53 - 00:53 (00:00) tom ttyp0 bofh Mon Jul 23 00:50 - 00:53 (00:03) I can confirm this on -CURRENT and -STABLE. I tested on a CentOS 5.0 box and their pam_lastlog does not cause this with sudo so it appears to be an issue specific to ours. Can someone take a look into this? Also, is there any way sudo can work around this? Right now I've commented out the session line in the pam file that is installed by the port so most users will not be affected. Thanks. [1] http://lists.freebsd.org/pipermail/freebsd-ports/2007-July/042746.html tom -- | tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org | | FreeBSD http://www.FreeBSD.org | From owner-freebsd-security@FreeBSD.ORG Tue Jul 24 12:22:17 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90A7F16A417 for ; Tue, 24 Jul 2007 12:22:17 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id 498DA13C45A for ; Tue, 24 Jul 2007 12:22:17 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (localhost [127.0.0.1]) by spam.des.no (Postfix) with ESMTP id C82932085; Tue, 24 Jul 2007 14:22:13 +0200 (CEST) X-Spam-Tests: AWL X-Spam-Learn: disabled X-Spam-Score: 0.0/3.0 X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on tim.des.no Received: from dwp.des.no (des.no [80.203.243.180]) by smtp.des.no (Postfix) with ESMTP id 3D8DB2082; Tue, 24 Jul 2007 14:22:13 +0200 (CEST) Received: by dwp.des.no (Postfix, from userid 1001) id 20BF6A1057; Tue, 24 Jul 2007 14:22:13 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Tom McLaughlin References: <1185167207.99537.22.camel@localhost> Date: Tue, 24 Jul 2007 14:22:13 +0200 In-Reply-To: <1185167207.99537.22.camel@localhost> (Tom McLaughlin's message of "Mon\, 23 Jul 2007 01\:06\:47 -0400") Message-ID: <86fy3evvnu.fsf@dwp.des.no> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: sudo + pam_lastlog causes user to appear logged out in logs. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jul 2007 12:22:17 -0000 Tom McLaughlin writes: > Hi, this was originally reported on ports@. [1] Someone noticed that > after after running sudo their session disappeared when running `w` > afterwards. I've done a little experimenting and this is caused when > pam_lastlog.so is included in sudo's pam file. This results in the user > still being logged in though according to the system logs the user has > logged out. There can only be one user at a time on a tty; if sudo records the target user in wtmp, information about the invoking user being logged in is overwritten. When sudo "logs out" the target user, it is as if nobody is logged in on that tty. Therefore neither su nor sudo should invoke pam_lastlog; FreeBSD's PAM configuration for su does not, and neither do e.g. Debian's or Ubuntu's PAM configurations for su and sudo. > I can confirm this on -CURRENT and -STABLE. I tested on a CentOS 5.0 > box and their pam_lastlog does not cause this with sudo so it appears to > be an issue specific to ours. Can someone take a look into this? Also, > is there any way sudo can work around this? Right now I've commented > out the session line in the pam file that is installed by the port so > most users will not be affected. Thanks. It is bad form to leave a service unconfigured in a PAM stack, as PAM will fall back to the default stack (if one exists) which may not be what you want. Instead, use pam_permit. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Wed Jul 25 00:06:16 2007 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3AFD816A477 for ; Wed, 25 Jul 2007 00:06:16 +0000 (UTC) (envelope-from simon@benji.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id 5C57213C491 for ; Wed, 25 Jul 2007 00:01:46 +0000 (UTC) (envelope-from simon@benji.nitro.dk) Received: from benji.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 53F2A2DE284; Tue, 24 Jul 2007 23:46:19 +0000 (UTC) Received: by benji.nitro.dk (Postfix, from userid 2000) id E63BAFD9F; Wed, 25 Jul 2007 01:46:36 +0200 (CEST) Date: Wed, 25 Jul 2007 01:46:36 +0200 From: "Simon L. Nielsen" To: FreeBSD Questions , freebsd-security@FreeBSD.org Message-ID: <20070724234636.GA6738@zaphod.nitro.dk> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="CE+1k2dSO48ffgeK" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.16 (2007-06-09) Cc: FreeBSD Security Team , Jeffrey Goldberg Subject: Re: Waiting for BIND security announcement X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Simon L. Nielsen" , freebsd-security@FreeBSD.org, FreeBSD Security Team List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jul 2007 00:06:16 -0000 --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable [freebsd-security@ CC'ed to avoid answering the same there again shorly :) - if following up, please drop either freebsd-questions or freebsd-securiy to avoid "spamming" both lists] On 2007.07.24 18:15:43 -0500, Jeffrey Goldberg wrote: > As I'm sure many people know there is a newly discovered BIND vulnerabili= ty=20 > allowing cache injection (pharming). See >=20 > http://www.isc.org/index.pl?/sw/bind/bind-security.php >=20 > for details. >=20 > The version of bind on 6.2, 9.3.3, looks like it is vulnerable (along wit= h=20 > many other versions). It's not particularly an issue for me since my nam= e=20 > servers aren't publicly queryable, but I am curios about how things like= =20 > security problems in > src/contrib get handled in FreeBSD. Yes, the FreeBSD Security Team and the FreeBSD BIND maintainer are aware of the issue and are working on fixing it in FreeBSD as soon as possible. More details about the issue can be found at: http://www.isc.org/sw/bind/bind-security.php . Our general security handling policies can be found at: http://security.FreeBSD.org/ . --=20 Simon L. Nielsen FreeBSD Deputy Security Officer --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGpo9cBJx0gP90kKsRAmOJAJ9Z5JepxUgI7J71CSp5ujQPVPNjTQCdGl3T yHN5mMu1zKojJwDDzGSV9Bw= =sEQS -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK-- From owner-freebsd-security@FreeBSD.ORG Wed Jul 25 00:47:27 2007 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 40D6016A419 for ; Wed, 25 Jul 2007 00:47:27 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4]) by mx1.freebsd.org (Postfix) with SMTP id EF33613C45E for ; Wed, 25 Jul 2007 00:47:26 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 9391 invoked by uid 399); 25 Jul 2007 00:20:46 -0000 Received: from localhost (HELO lap.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTP; 25 Jul 2007 00:20:46 -0000 X-Originating-IP: 127.0.0.1 Message-ID: <46A6975C.6000201@FreeBSD.org> Date: Tue, 24 Jul 2007 17:20:44 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.5 (X11/20070723) MIME-Version: 1.0 To: "Simon L. Nielsen" , freebsd-security@FreeBSD.org, FreeBSD Security Team References: <20070724234636.GA6738@zaphod.nitro.dk> In-Reply-To: <20070724234636.GA6738@zaphod.nitro.dk> X-Enigmail-Version: 0.95.1 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: FreeBSD Questions , Jeffrey Goldberg Subject: Re: Waiting for BIND security announcement X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-security@FreeBSD.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jul 2007 00:47:27 -0000 Simon L. Nielsen wrote: > [freebsd-security@ CC'ed to avoid answering the same there again > shorly :) - if following up, please drop either freebsd-questions or > freebsd-securiy to avoid "spamming" both lists] > > On 2007.07.24 18:15:43 -0500, Jeffrey Goldberg wrote: > >> As I'm sure many people know there is a newly discovered BIND vulnerability >> allowing cache injection (pharming). See I think it's worth pointing out that cache injection and pharming are not the same thing, although cache injection can be used as part of a pharming attack. I also think it's worth noting that this isn't an "all your queries are belong to us" type of attack. The attack involves _predicting_ query id numbers which at _best_ will be successful only once in 16 tries. Then you have to actually time it right so that you can use your guess. Still, it is worth upgrading to avoid this issue. >> http://www.isc.org/index.pl?/sw/bind/bind-security.php >> >> for details. >> >> The version of bind on 6.2, 9.3.3, RELENG_6 was updated shortly after the release of 9.3.4. I'll be updating RELENG_[56] with the new 9.3.4-P1 version after I'm done regression testing it, which should be some time tonight. Same for updating HEAD with 9.4.1-P1. The ports for bind9 and bind94 are already updated, so those with urgent needs can use that route to upgrade immediately. hope this helps, Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Fri Jul 27 07:41:36 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4677516A41B for ; Fri, 27 Jul 2007 07:41:36 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx22.fluidhosting.com [204.14.89.5]) by mx1.freebsd.org (Postfix) with SMTP id DC17513C47E for ; Fri, 27 Jul 2007 07:41:35 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 11045 invoked by uid 399); 27 Jul 2007 07:41:35 -0000 Received: from localhost (HELO ?192.168.0.4?) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTP; 27 Jul 2007 07:41:35 -0000 X-Originating-IP: 127.0.0.1 Message-ID: <46A9A1A8.6000300@FreeBSD.org> Date: Fri, 27 Jul 2007 00:41:28 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.5 (Windows/20070716) MIME-Version: 1.0 To: Joel Hatton References: <200707270712.l6R7CYs4064783@app.auscert.org.au> In-Reply-To: <200707270712.l6R7CYs4064783@app.auscert.org.au> X-Enigmail-Version: 0.95.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, Philipp Wuensche , freebsd-stable@freebsd.org Subject: jail fstab X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2007 07:41:36 -0000 Joel Hatton wrote: > Hi, > > I'm dredging up an old issue here, but it appears to be unresolved in > RELENG_5_5 at this time. The RELENG_5_5 tag is static, so nothing will change in it. You mention a patch version below however, so you should be aware that only the most crucial security fixes are ever applied to security branches. > In short, the jail_mount_fstab function is not given the fstab file on > which the local variables depend. This problem is fixed in RELENG_5, so if you were to upgrade to 5-stable you wouldn't have this problem anymore. You should also seriously consider upgrading to 6-stable at least, since fewer and fewer fixes will be backported to the 5.x branch as time goes by. Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Fri Jul 27 09:07:15 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8CBFC16A418 for ; Fri, 27 Jul 2007 09:07:15 +0000 (UTC) (envelope-from simon@benji.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id 0356F13C467 for ; Fri, 27 Jul 2007 09:07:14 +0000 (UTC) (envelope-from simon@benji.nitro.dk) Received: from benji.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 6FED92DF4B4; Fri, 27 Jul 2007 09:07:13 +0000 (UTC) Received: by benji.nitro.dk (Postfix, from userid 2000) id 3E949FD58; Fri, 27 Jul 2007 11:07:30 +0200 (CEST) Date: Fri, 27 Jul 2007 11:07:29 +0200 From: "Simon L. Nielsen" To: Joel Hatton Message-ID: <20070727090729.GA1004@zaphod.nitro.dk> References: <45A7034B.3070002@h3q.com> <200707270712.l6R7CYs4064783@app.auscert.org.au> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="GRPZ8SYKNexpdSJ7" Content-Disposition: inline In-Reply-To: <200707270712.l6R7CYs4064783@app.auscert.org.au> User-Agent: Mutt/1.5.16 (2007-06-09) Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2007 09:07:15 -0000 --GRPZ8SYKNexpdSJ7 Content-Type: multipart/mixed; boundary="Qxx1br4bt0+wmkIi" Content-Disposition: inline --Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2007.07.27 17:12:34 +1000, Joel Hatton wrote: > I'm dredging up an old issue here, but it appears to be unresolved in > RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that > my jails wouldn't start anymore, and it comes down to this bit again. By > way of explanation, I'll include the patch for what I changed. >=20 > --- /tmp/jail Wed Feb 14 15:16:30 2007 > +++ /etc/rc.d/jail Fri Jul 27 13:46:51 2007 > @@ -218,7 +218,7 @@ > { > local _device _mountpt _rest > =20 > - while read _device _mountpt _rest; do > + cat ${jail_fstab} | while read _device _mountpt _rest; do > case ":${_device}" in > :#* | :) > continue >=20 > In short, the jail_mount_fstab function is not given the fstab file on > which the local variables depend. My patch may not be the most robust but > for me today it is expedient. Hey, Yes, looking at the code now it is clearly wrong. Guess I/we (secteam) stared too much at the code so we missed this issue :-/. Your patch is very close to the "correct"/cleaner patch which is attached. How exactly does it fail without your patch? Does it say "cannot open : No such file or directory" and then no jails start when booting (that would be my guess from a quick check of the bug)? Would it be possible for you to test the attached patch and see if it fixes the issue for you? > Sorry if this has been discussed already, but I was surprised that this > hadn't been fixed yet. It certainly would have caused some anxious moments > if I'd upgraded a prod server with multiple jails before I realised! I haven't heard of this issue before, so not many people are using 5.5 with jails. The bug was certainly introduced as a merge error in the with the patch for FreeBSD-SA-07:01.jail. As this is clearly a bug in a Security Advisory patch and RELENG_5 / RELENG_5_5 are still supported I expect that an updated advisory will be released to fix this bug shortly. Thanks for reporting the issue, and sorry about the bad patch :-(. --=20 Simon L. Nielsen Hat: FreeBSD Security Team and pointyhat --Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=jail5_11 Content-Transfer-Encoding: quoted-printable Index: jail =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/etc/rc.d/jail,v retrieving revision 1.15.2.5.2.1 diff -u -d -r1.15.2.5.2.1 jail --- jail 11 Jan 2007 18:19:33 -0000 1.15.2.5.2.1 +++ jail 27 Jul 2007 08:49:37 -0000 @@ -228,7 +228,7 @@ warn "${_mountpt} has symlink as parent - not mounting from ${jail_fsta= b}" return fi - done <${_fstab} + done <${jail_fstab} mount -a -F "${jail_fstab}" } =20 --Qxx1br4bt0+wmkIi-- --GRPZ8SYKNexpdSJ7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGqbXQBJx0gP90kKsRAoYcAJ459927vr4qhpGPmduiQQ0DS8sYuQCeJNPh 2HnAMtOU/KKZw6z0kLCDU7U= =D8WS -----END PGP SIGNATURE----- --GRPZ8SYKNexpdSJ7-- From owner-freebsd-security@FreeBSD.ORG Fri Jul 27 07:28:54 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3FAC916A420; Fri, 27 Jul 2007 07:28:54 +0000 (UTC) (envelope-from freebsd-stable@auscert.org.au) Received: from titania.auscert.org.au (gw.auscert.org.au [203.5.112.28]) by mx1.freebsd.org (Postfix) with ESMTP id CD05F13C47E; Fri, 27 Jul 2007 07:28:53 +0000 (UTC) (envelope-from freebsd-stable@auscert.org.au) Received: from app.auscert.org.au (app [10.0.1.192]) by titania.auscert.org.au (8.12.10/8.12.10) with ESMTP id l6R7Cg3Y095839; Fri, 27 Jul 2007 17:12:42 +1000 (EST) Received: from app.auscert.org.au (localhost.auscert.org.au [127.0.0.1]) by app.auscert.org.au (8.13.6/8.13.6) with ESMTP id l6R7CYs4064783; Fri, 27 Jul 2007 17:12:34 +1000 (EST) (envelope-from freebsd-stable@auscert.org.au) Message-Id: <200707270712.l6R7CYs4064783@app.auscert.org.au> To: freebsd-stable@freebsd.org from: Joel Hatton In-Reply-To: Message from Philipp Wuensche of "Fri, 12 Jan 2007 04:40:59 +0100." <45A7034B.3070002@h3q.com> Date: Fri, 27 Jul 2007 17:12:34 +1000 X-Mailman-Approved-At: Fri, 27 Jul 2007 11:16:58 +0000 Cc: freebsd-security@freebsd.org, Mark Andrews , Philipp Wuensche Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2007 07:28:54 -0000 Hi, I'm dredging up an old issue here, but it appears to be unresolved in RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that my jails wouldn't start anymore, and it comes down to this bit again. By way of explanation, I'll include the patch for what I changed. --- /tmp/jail Wed Feb 14 15:16:30 2007 +++ /etc/rc.d/jail Fri Jul 27 13:46:51 2007 @@ -218,7 +218,7 @@ { local _device _mountpt _rest - while read _device _mountpt _rest; do + cat ${jail_fstab} | while read _device _mountpt _rest; do case ":${_device}" in :#* | :) continue In short, the jail_mount_fstab function is not given the fstab file on which the local variables depend. My patch may not be the most robust but for me today it is expedient. Sorry if this has been discussed already, but I was surprised that this hadn't been fixed yet. It certainly would have caused some anxious moments if I'd upgraded a prod server with multiple jails before I realised! cheers, joel On Fri, 12 Jan 2007 04:40:59 +0100, Philipp Wuensche wrote: >Mark Andrews wrote: >>> I'm not sure I understand that quite correct, where is this problem >>> appearing? >>> >>> Other things: >>> >>> tail is used in line 230: tail -r ${_fstab} | while read _device >>> _mountpt _rest; do >>> >>> If the per-jail fstab is larger than 10 lines, which is the default of >>> tail to show, the remaining mountpoints will not be unmounted? >> >> The default for the -r option is to display all of the input. > >Ah, didn't know that. Thanks for correcting me there. > >greetings, >philipp