Date: Thu, 15 Apr 2010 21:54:03 -0400
From: Greg Larkin <glarkin@FreeBSD.org>
To: "Erich Jenkins, Fuujin Group Ltd" <erich@fuujingroup.com>
Cc: "Kalle "@FreeBSD.ORG, freebsd-bugs@freebsd.org, freebsd-jail@freebsd.org, smithi@nimnet.asn.au
Subject: Re: jail file and directory permissions
Message-ID: <4BC7C33B.9000107@FreeBSD.org>
In-Reply-To: <4BC4C91D.7020107@fuujingroup.com>
References: <4BC2C578.9080108@fuujingroup.com> <i2l8250ac3f1004120043ga734bbe0s952dda5712ea38a5@mail.gmail.com> <4BC2E662.1050007@fuujingroup.com> <4BC31B31.6060201@FreeBSD.org> <4BC3A948.7010601@fuujingroup.com> <4BC4C91D.7020107@fuujingroup.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Erich Jenkins, Fuujin Group Ltd wrote:
> Erich Jenkins, Fuujin Group Ltd wrote:
>> Greg Larkin wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Erich Jenkins, Fuujin Group Ltd wrote:
>>>> Kalle Møller wrote:
>>>> <snip>
>>>>> Could you please make a command list on what you're doing and with
>>>>> output.. like this ...
>>>>>
>>>>> --
>
> <snip>
>
>> Since this was a buildworld copied via NFS from a build environment,
>> it appears that something has gone terribly wrong during the build.
>> I'm going to wipe this machine and do a completely fresh install of
>> 7.0-REL, buildworld, and set up a jail to see if something did indeed
>> break, or if this is an actual bug.
>>
>> Thank you very much to everyone who's responded to this issue. Your
>> input has been instrumental in helping troubleshoot this. I'll post as
>> soon as the build completes and I have a chance to test this tonight.
>>
>> Erich M. Jenkins
>> Fuujin Group Limited
>>
>> "You should never, never doubt what no one is sure about."
>> -- Gene Wilder
>> _______________________________________________
>> freebsd-jail@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>
> All:
>
> After a fresh buildworld on this box, I am no longer seeing this user
> permissions issue, which leads me to believe something is very very
> wrong with the way it was built on the build server for the cluster. If
> anyone would like, I'll tar up the build environment and put it
> somewhere it can be accessed, assuming someone has the time/inclination
> to sift through it and see what happened. I spent a few hours this
> morning going through it and can't find anything out of the ordinary,
> but most of the inner working of jails is a "black box" to me.
>
> Thank you for all the feedback. I'm setting up the new build environment
> for the cluster to fix this issue for deployed systems.
>
> Erich M. Jenkins
> Fuujin Group Limited
>
> "You should never, never doubt what no one is sure about."
> -- Gene Wilder

Hi Erich,

I'm glad to hear that you got everything sorted out! If it's possible
to set up the previous environment in a virtual machine or some spare
hardware and grant me an ssh login, I would be interested in doing more
tests to see if I can figure out what's going on.

Whether there's a bug in the jail subsystem or a hole in the
provisioning process that allows the privilege escalation, it would
certainly be good to find the root cause.

Thank you,
Greg
- --
Greg Larkin

http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
http://twitter.com/sourcehosting/ - Follow me, follow you
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFLx8M70sRouByUApARAnpwAJ0f2+XC2hwTSrkO/v8DUPXpchdHygCeMWc0
M4E6SOz8kPRJYdwTXOkF2lY=
=z7l7
-----END PGP SIGNATURE-----