Date: Mon, 30 Jul 2007 11:38:20 +1000
From: Joel Hatton <joel@auscert.org.au>
To: "Simon L. Nielsen" <simon@FreeBSD.org>
Cc: freebsd-security@FreeBSD.org, freebsd-stable@FreeBSD.org, Joel Hatton <freebsd-stable@auscert.org.au>
Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
Message-ID: <200707300138.l6U1cKQ4024921@app.auscert.org.au>
In-Reply-To: Your message of "Fri, 27 Jul 2007 11:07:29 +0200." <20070727090729.GA1004@zaphod.nitro.dk>

Hi Simon,

Thanks very much for the patch :)

On Fri, 27 Jul 2007 11:07:29 +0200, "Simon L. Nielsen" wrote:
>
>Your patch is very close to the "correct"/cleaner patch which is
>attached. How exactly does it fail without your patch? Does it say
>"cannot open : No such file or directory" and then no jails start when
>booting (that would be my guess from a quick check of the bug)?

Sure does:

  eval: cannot open : No such file or directory

and no jails start.

>
>Would it be possible for you to test the attached patch and see if it
>fixes the issue for you?

It does indeed. I was actually pretty foolish in the way that I addressed
it, now that I see what your patch does. I was so busy scratching my head
at the variables before the 'while' loop that I didn't see that the problem
was in the ${_fstab} being fed to it on stdin!

>
>I haven't heard of this issue before, so not many people are using 5.5
>with jails. The bug was certainly introduced as a merge error in the
>with the patch for FreeBSD-SA-07:01.jail.

Or maybe they're not patching often enough? Actually, my suspicion is that
not many are using the jail_example_mount_enable variable, because without
this set the responsible code is never called.

>
>As this is clearly a bug in a Security Advisory patch and RELENG_5 /
>RELENG_5_5 are still supported I expect that an updated advisory will
>be released to fix this bug shortly.
>
>Thanks for reporting the issue, and sorry about the bad patch :-(.

No problem! It feels good to help :) I never implement new patches into my
prod environment before testing, so this has basically been an interesting
exercise for me.

cheers,
joel

--
Joel Hatton --
Infrastructure Manager                | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT   | Fax:     +61 7 3365 7031
The University of Queensland          | WWW:     www.auscert.org.au
Qld 4072 Australia                    | Email:   auscert@auscert.org.au