Date: Sun, 2 Apr 2006 15:56:58 -0400 From: Kris Kennaway <kris@obsecurity.org> To: "Marc G. Fournier" <scrappy@hub.org> Cc: freebsd-stable@freebsd.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: [FreeBSD 6] semctl broken compared to 4-STABLE ... Message-ID: <20060402195657.GA57843@xor.obsecurity.org> In-Reply-To: <20060402165234.Y947@ganymede.hub.org> References: <20060402144704.S947@ganymede.hub.org> <20060402191519.GA56599@xor.obsecurity.org> <20060402162612.N947@ganymede.hub.org> <20060402193808.GA57127@xor.obsecurity.org> <20060402165234.Y947@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Apr 02, 2006 at 04:54:32PM -0300, Marc G. Fournier wrote: > On Sun, 2 Apr 2006, Kris Kennaway wrote: >=20 > >On Sun, Apr 02, 2006 at 04:32:31PM -0300, Marc G. Fournier wrote: > >>On Sun, 2 Apr 2006, Kris Kennaway wrote: > >> > >>>On Sun, Apr 02, 2006 at 02:55:39PM -0300, Marc G. Fournier wrote: > >>>> > >>>>Back in April '05, someone posted a thread about PostgreSQL within=20 > >>>>FreeBSD > >>>>jails: > >>>> > >>>>http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2005-04/0837.h= tml > >>>> > >>>>At the time (and to date) I reported that I was running several=20 > >>>>PostgreSQL > >>>>daemons, all on the same port, using FreeBSD 4.x, and all within a ja= il > >>>>each ... and I continue to do this without any problems ... > >>>> > >>>>Today, on our new FreeBSD 6.x machine, I am now experiencing the same > >>>>problem that Alexander originally reported ... > >>>> > >>>>Its not PostgreSQL related ... I'm running 4x7.4 servers on a FreeBSD= =20 > >>>>4.x > >>>>box, all on the same port ... here, I'm trying to run 2x7.4 servers o= n a > >>>>FreeBSD RELENG_6 box ... > >>>> > >>>>So, something has changed with FreeBSD 6's (and, according to the abo= ve > >>>>thread, 5's) use of shared memory and semaphores that is breaking the > >>>>ability to do this ... something that did work as hoped in FreeBSD 4 = ... > >>> > >>>See jail(8)? > >> > >>If you are referring to: > >> > >> security.jail.sysvipc_allowed > >> This MIB entry determines whether or not processes within a j= ail > >> have access to System V IPC primitives. In the current jail > >> imple- > >> mentation, System V primitives share a single namespace acros= s=20 > >> the > >> host and jail environments, meaning that processes within a j= ail > >> would be able to communicate with (and potentially interfere= =20 > >> with) > >> processes outside of the jail, and in other jails. As such,= =20 > >> this > >> functionality is disabled by default, but can be enabled by > >> setting > >> this MIB entry to 1. > >> > >>That wording hasn't changed since FreeBSD4.x, so you are saying that > >>FreeBSD6.x has become *less* stable/secure in this regard then FreeBSD = 4.x > >>was? Seems an odd direction to go ... > > > >No, as you say the wording hasn't changed: "meaning that processes > >within a jail would be able to communicate with (and potentially > >interfere with) processes outside of the jail, and in other jails.". > >It looks like your postgresql's are doing this. >=20 > Right, but why are they doing it *consistently* in FreeBSD 6.x, when they= =20 > never did it in FreeBSD 4.x? I have postmaster processes running on the= =20 > FreeBSD box as far back as November 27th, 2005 ... and have *never*=20 > experienced this problem ... so it isn't PostgreSQL that has changed,=20 > something in FreeBSD has changed :( You'll need to do some debugging to find out which of the two causes of EINVAL are true here (or some undocumented cause). Kris --AhhlLboLdkugWU4S Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFEMCyJWry0BWjoQKURAo6YAJ4lpsCv3BUrdx6TJMJPnWIcMt0tSQCdFLNA hT2qFT+xTmTvU0wJW3WWxAk= =asr4 -----END PGP SIGNATURE----- --AhhlLboLdkugWU4S--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060402195657.GA57843>