From owner-freebsd-stable@FreeBSD.ORG Sat Jan 20 13:54:03 2007 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E43B116A402; Sat, 20 Jan 2007 13:54:03 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id EE3CD13C457; Sat, 20 Jan 2007 13:54:02 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 1236A2D4951; Sat, 20 Jan 2007 13:54:02 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 0C6941141E; Sat, 20 Jan 2007 14:54:02 +0100 (CET) Date: Sat, 20 Jan 2007 14:54:02 +0100 From: "Simon L. Nielsen" To: Pawel Jakub Dawidek Message-ID: <20070120135401.GB971@zaphod.nitro.dk> References: <200701111841.l0BIfWOn015231@freefall.freebsd.org> <45A6DB76.40800@freebsd.org> <20070113112937.GI90718@garage.freebsd.pl> <20070120122432.GA971@zaphod.nitro.dk> <20070120130308.GD6697@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070120130308.GD6697@garage.freebsd.pl> User-Agent: Mutt/1.5.11 Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org, Colin Percival Subject: Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jan 2007 13:54:04 -0000 On 2007.01.20 14:03:08 +0100, Pawel Jakub Dawidek wrote: > On Sat, Jan 20, 2007 at 01:24:33PM +0100, Simon L. Nielsen wrote: > [...] > > BTW. with regard to the console.log file I really don't think it > > should be put back inside the jail unless it's possible to make the > > generation of the file entirely inside the jail since it's just not > > worth the risk/complexity. I think it should be possible to do this > > with jail(8) in -CURRENT (see -J flag), but: > > When -J operates on a file inside a jail, it create the same security > hole as the one from security advisory, because it opens a file before > calling jail(2). My thought with using -J was not place the info about jid in a file outside the jail root, basically (pseudo code): _tmpfile=`mktemp...` jail -J $_tmpfile "sh /etc/rc > /var/log/console.log" _jid=`cat $_tmpfile | something` At least that was what I thought might be possible with the -J switch when I noticed it existed. In any case, actually coding this, verifying that it works and is safe is left up to anyone who cares about having console.log inside the jail. -- Simon L. Nielsen