Date:      Mon, 30 Jul 2007 11:38:20 +1000
From:      Joel Hatton <joel@auscert.org.au>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        freebsd-security@FreeBSD.org, freebsd-stable@FreeBSD.org, Joel Hatton <freebsd-stable@auscert.org.au>
Subject:   Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail 
Message-ID:  <200707300138.l6U1cKQ4024921@app.auscert.org.au>
In-Reply-To: Your message of "Fri, 27 Jul 2007 11:07:29 +0200." <20070727090729.GA1004@zaphod.nitro.dk>

Hi Simon,

Thanks very much for the patch :)

On Fri, 27 Jul 2007 11:07:29 +0200, "Simon L. Nielsen" wrote:
>
>Your patch is very close to the "correct"/cleaner patch which is
>attached.  How exactly does it fail without your patch?  Does it say
>"cannot open : No such file or directory" and then no jails start when
>booting (that would be my guess from a quick check of the bug)?

Sure does:

eval: cannot open : No such file or directory

and no jails start.

>
>Would it be possible for you to test the attached patch and see if it
>fixes the issue for you?

It does indeed. I was actually pretty foolish in the way that I addressed
it, now that I see what your patch does. I was so busy scratching my head
at the variables before the 'while' loop that I didn't see that the problem
was in the ${_fstab} being fed to it on stdin!

>
>I haven't heard of this issue before, so not many people are using 5.5
>with jails.  The bug was certainly introduced as a merge error with
>the patch for FreeBSD-SA-07:01.jail.

Or maybe they're not patching often enough? Actually, my suspicion is that
not many are using the jail_example_mount_enable variable, because without
this set the responsible code is never called.

>
>As this is clearly a bug in a Security Advisory patch and RELENG_5 /
>RELENG_5_5 are still supported I expect that an updated advisory will
>be released to fix this bug shortly.
>
>Thanks for reporting the issue, and sorry about the bad patch :-(.

No problem! It feels good to help :) I never implement new patches into
my prod environment before testing, so this has basically been an
interesting exercise for me.

cheers,
joel

-- Joel Hatton --
Infrastructure Manager              | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax:     +61 7 3365 7031
The University of Queensland        | WWW:     www.auscert.org.au
Qld 4072 Australia                  | Email:   auscert@auscert.org.au
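
The failure mode discussed in this message, as an added example that is not part of the original e-mail and is not the FreeBSD rc.d/jail code: a `while read` loop whose stdin comes from an empty variable fails at the redirection, before the loop body runs. Only the name `_fstab` comes from the message; the function names and the sample fstab are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the rc.d/jail code. Only the name _fstab comes from the
# message; the function names and the sample fstab are constructed.

# Write a constructed jail fstab to a temp file and print its path.
make_sample_fstab() {
    _tmp=$(mktemp) || return 1
    printf '%s\n' \
        '# Device  Mountpoint  FStype  Options  Dump  Pass' \
        'devfs  /usr/jail/example/dev  devfs  rw  0  0' \
        '' \
        'procfs  /usr/jail/example/proc  procfs  rw  0  0' > "${_tmp}"
    echo "${_tmp}"
}

# Unguarded: if _fstab is empty the redirection itself fails, so the loop body
# never runs and no mount point is ever processed.
list_mounts_unguarded() {
    _fstab=$1
    while read -r _dev _mnt _rest; do
        echo "${_mnt}"
    done < "${_fstab}"
}

# Guarded: reject an empty or unreadable path before entering the loop, with a
# message that names the real problem.
list_mounts_guarded() {
    _fstab=$1
    if [ -z "${_fstab}" ]; then
        echo "fstab path is empty, not reading mounts" >&2
        return 2
    fi
    if [ ! -r "${_fstab}" ]; then
        echo "cannot read fstab: ${_fstab}" >&2
        return 3
    fi
    while read -r _dev _mnt _rest; do
        case "${_dev}" in
            ''|\#*) continue ;;   # skip blank lines and comments
        esac
        echo "${_mnt}"
    done < "${_fstab}"
}

sample=$(make_sample_fstab)
list_mounts_guarded "${sample}"
list_mounts_guarded "" || echo "guard returned $?"
rm -f "${sample}"
```
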



