Date: Sun, 2 Apr 2006 16:54:32 -0300 (ADT)
From: "Marc G. Fournier" <scrappy@hub.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-stable@freebsd.org
Subject: Re: [FreeBSD 6] semctl broken compared to 4-STABLE ...
Message-ID: <20060402165234.Y947@ganymede.hub.org>
In-Reply-To: <20060402193808.GA57127@xor.obsecurity.org>
References: <20060402144704.S947@ganymede.hub.org> <20060402191519.GA56599@xor.obsecurity.org> <20060402162612.N947@ganymede.hub.org> <20060402193808.GA57127@xor.obsecurity.org>
On Sun, 2 Apr 2006, Kris Kennaway wrote:

> On Sun, Apr 02, 2006 at 04:32:31PM -0300, Marc G. Fournier wrote:
>> On Sun, 2 Apr 2006, Kris Kennaway wrote:
>>
>>> On Sun, Apr 02, 2006 at 02:55:39PM -0300, Marc G. Fournier wrote:
>>>>
>>>> Back in April '05, someone posted a thread about PostgreSQL within FreeBSD
>>>> jails:
>>>>
>>>> http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2005-04/0837.html
>>>>
>>>> At the time (and to date) I reported that I was running several PostgreSQL
>>>> daemons, all on the same port, using FreeBSD 4.x, and all within a jail
>>>> each ... and I continue to do this without any problems ...
>>>>
>>>> Today, on our new FreeBSD 6.x machine, I am now experiencing the same
>>>> problem that Alexander originally reported ...
>>>>
>>>> It's not PostgreSQL related ... I'm running 4x7.4 servers on a FreeBSD 4.x
>>>> box, all on the same port ... here, I'm trying to run 2x7.4 servers on a
>>>> FreeBSD RELENG_6 box ...
>>>>
>>>> So, something has changed with FreeBSD 6's (and, according to the above
>>>> thread, 5's) use of shared memory and semaphores that is breaking the
>>>> ability to do this ... something that did work as hoped in FreeBSD 4 ...
>>>
>>> See jail(8)?
>>
>> If you are referring to:
>>
>>      security.jail.sysvipc_allowed
>>              This MIB entry determines whether or not processes within a jail
>>              have access to System V IPC primitives.  In the current jail
>>              implementation, System V primitives share a single namespace
>>              across the host and jail environments, meaning that processes
>>              within a jail would be able to communicate with (and potentially
>>              interfere with) processes outside of the jail, and in other
>>              jails.  As such, this functionality is disabled by default, but
>>              can be enabled by setting this MIB entry to 1.
>>
>> That wording hasn't changed since FreeBSD 4.x, so you are saying that
>> FreeBSD 6.x has become *less* stable/secure in this regard than FreeBSD 4.x
>> was? Seems an odd direction to go ...
>
> No, as you say the wording hasn't changed: "meaning that processes
> within a jail would be able to communicate with (and potentially
> interfere with) processes outside of the jail, and in other jails.".
> It looks like your postgresql's are doing this.

Right, but why are they doing it *consistently* in FreeBSD 6.x, when they
never did it in FreeBSD 4.x? I have postmaster processes running on the
FreeBSD box as far back as November 27th, 2005 ... and have *never*
experienced this problem ... so it isn't PostgreSQL that has changed,
something in FreeBSD has changed :(

# ps aux | grep postmaster | egrep -v "postmaster:" | grep -- -D
pgsql   16135  0.0  0.1  17480   3572  ??  SsJ  Fri01AM   0:09.52 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql   39518  0.0  0.1  17132   2920  ??  SsJ  Mon12AM   0:05.96 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
scrappy 83192  0.0  0.3 155164  11368  ??  SsJ  25Mar06  46:11.12 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
scrappy 51478  0.0  0.0  17076   1612  ??  SsJ  31Jan06   2:38.68 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
scrappy 18356  0.0  0.1  81320   2000  ??  SsJ  24Jan06  56:57.87 /usr/local/bin/postmaster -D /usr/local/pgsql/data -S (postgres)
pgsql   98241  0.0  0.0   7932    704  ??  SsJ  23Jan06   1:38.18 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql   84427  0.0  0.1 144332   4756  ??  SsJ  16Dec05   4:58.66 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql   14497  0.0  0.0   8572   1100  ??  SsJ  12Dec05   4:43.22 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    5254  0.0  0.0  16768   1456  ??  SsJ  27Nov05   1:31.52 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    4893  0.0  0.0   7948    884  ??  SsJ  27Nov05   2:08.26 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    4850  0.0  0.0   7480    772  ??  SsJ  27Nov05   1:22.59 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    4627  0.0  0.0   7976    912  ??  SJ   27Nov05   1:24.76 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    4537  0.0  0.0   8224    860  ??  SsJ  27Nov05   1:39.05 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
pgsql    1972  0.0  0.0   7948   1016  ??  SsJ  27Nov05   2:11.52 /usr/local/bin/postmaster -D /usr/local/pgsql/data (postgres)
scrappy  1453  0.0  0.1  77804   4516  ??  SsJ  27Nov05  39:56.76 /usr/local/bin/postmaster -D /usr/local/pgsql/data -S (postgres)
scrappy  1019  0.0  0.0  14672    908  ??  SsJ  27Nov05   3:03.65 /usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data -S (postgres)
scrappy   287  0.0  0.1  76128   3112  ??  SsJ  27Nov05  20:50.48 /usr/local/bin/postmaster -D /usr/local/pgsql/data -S (postgres)

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org           Yahoo!: yscrappy              ICQ: 7615664
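The collision Kris is pointing at, shown in code as an added example that is not part of the thread: when jails share one System V IPC namespace, two servers that derive their semaphore key from the same port cannot both create their set, and a semctl(GETPID) probe is the standard way to tell a live owner from a stale leftover. It assumes PostgreSQL's key convention (port * 1000); the function names (claim_sema, stamp_owner, sema_owner_alive, release_sema, demo_collision) and the port numbers used are constructed for this demo.

```c
/* Added example (not from the thread): two PostgreSQL-style servers on
 * the same port collide when they share one System V IPC namespace.
 * Key derivation (port * 1000) follows PostgreSQL; rest is constructed. */
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <errno.h>
#include <signal.h>
#define PORT_KEY(port) ((key_t)((port) * 1000))

/* Create a private semaphore set for `port`; fails with EEXIST when
 * another process in this IPC namespace already holds that key. */
static int claim_sema(int port) {
    return semget(PORT_KEY(port), 1, IPC_CREAT | IPC_EXCL | 0600);
}

/* A semop records the caller's pid in the semaphore; semctl(GETPID)
 * reads it back, which is how a later probe can find the owner. */
static int stamp_owner(int semid) {
    struct sembuf op = { .sem_num = 0, .sem_op = 1, .sem_flg = 0 };
    return semop(semid, &op, 1);
}

/* 1 = set exists and its last user is alive, 0 = stale, -1 = no set. */
static int sema_owner_alive(int port) {
    int semid = semget(PORT_KEY(port), 1, 0);
    if (semid < 0) return -1;
    pid_t pid = semctl(semid, 0, GETPID);
    if (pid <= 0) return pid < 0 ? -1 : 0;
    return (kill(pid, 0) == 0 || errno == EPERM) ? 1 : 0;
}

static void release_sema(int port) {
    int semid = semget(PORT_KEY(port), 1, 0);
    if (semid >= 0) semctl(semid, 0, IPC_RMID);
}

/* Two "postmasters" on one port: 1 if the second claim fails with
 * EEXIST while the first owner is provably alive, 0 otherwise, -1 if
 * the namespace refused the first claim (e.g. SysV IPC disabled). */
int demo_collision(int port) {
    int first = claim_sema(port);
    if (first < 0) return -1;
    if (stamp_owner(first) < 0) { release_sema(port); return -1; }
    int second = claim_sema(port);
    int collided = (second < 0 && errno == EEXIST);
    int alive = sema_owner_alive(port);
    release_sema(port);
    return (collided && alive == 1) ? 1 : 0;
}
```

Run it once on the host and once from inside a jail with security.jail.sysvipc_allowed=1 to see the same key space from both sides; on a host where the second claim succeeds, the two processes are in separate IPC namespaces.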