From owner-freebsd-security@FreeBSD.ORG Wed Apr 30 11:09:31 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B91E8C1 for ; Wed, 30 Apr 2014 11:09:31 +0000 (UTC) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "ca.infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 630FE11AB for ; Wed, 30 Apr 2014 11:09:31 +0000 (UTC) Received: from ox-dell39.ox.adestra.com (no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged)) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.8/8.14.8) with ESMTP id s3UB9FNl099557 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Wed, 30 Apr 2014 12:09:20 +0100 (BST) (envelope-from matthew@freebsd.org) DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s3UB9FNl099557 Authentication-Results: smtp.infracaninophile.co.uk/s3UB9FNl099557; dkim=none reason="no signature"; dkim-adsp=none X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged) claimed to be ox-dell39.ox.adestra.com Message-ID: <5360D9CF.6000103@freebsd.org> Date: Wed, 30 Apr 2014 12:09:03 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:07.devfs References: <201404300435.s3U4ZA45093722@freefall.freebsd.org> In-Reply-To: <201404300435.s3U4ZA45093722@freefall.freebsd.org> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2PK2AXvijDGFIqERQB1mk36GOmfLmqsmP" X-Virus-Scanned: clamav-milter 0.98.1 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.0 required=5.0 tests=AWL,BAYES_00,RDNS_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lucid-nonsense.infracaninophile.co.uk X-Mailman-Approved-At: Wed, 30 Apr 2014 12:41:20 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2014 11:09:31 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2PK2AXvijDGFIqERQB1mk36GOmfLmqsmP Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 04/30/14 05:35, FreeBSD Security Advisories wrote: > Then apply the default ruleset for jails on a devfs mount using: >=20 > devfs -m ${devfs_mountpoint} rule -s 4 applyset >=20 > Or, alternatively, the following command will apply the ruleset over al= l devfs > mountpoints except the host one: >=20 > mount -t devfs | grep -v '^devfs on /dev ' | awk '{print $3;}' | \ > xargs -n 1 -J % devfs -m % rule -s 4 applyset >=20 > After this, the system administrator should add the following configura= tion > to /etc/rc.conf to make it permanent, so the above operations do not ha= ve > to be done each time the host system reboots. >=20 > devfs_load_rulesets=3D"YES" >=20 Verb. Sap. Doing this in a jail where you're running net-snmpd will prevent snmpd from starting up correctly. Apr 30 12:02:30 xxxxx snmpd[33871]: init_kmem: kvm_openfiles failed: /dev/mem: No such file or directory Apr 30 12:02:30 xxxxx snmpd[33871]: Agent initialization failed Cheers, Matthew --2PK2AXvijDGFIqERQB1mk36GOmfLmqsmP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTYNnaXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnMAgP/3aGdt4LGLa8c5q+AAKR+1j6 FUGVLCVEhH5V1uDOTopXcsRUPBFDGmXGCtLEji21tHOu39fDis2zMBTsvonfReJE 5htGoJDWAQqqLUfep97BiN9Hh9kw+lqn26i2i3vDHjgk3Dmp5r0UGVa9FatLyLuL j/rVynFVf/+fotP4nXon4OoMw8f9PXGpujuzrL95s4VSNtORdW4zyep5NQaOhJ5r Lc8UPvGn9mEeWe07bXB3BRGVyevqNW7OmKrZKVwTRNaVVgYQn60f43iJ+FKkiS8B s/fJ3GJh0KxaMuNMqGXP5Eglg06S5Y53SXPkZNnZVnIISKd9Rl6XbXLjaQuaNuna OxlB/gvba0gNC1GmP+ZA82F1wpFDTWHvRa6d1d5lSQNtmh28dacn69EupMuzghEm UIPIb3y/TGqapItxpsh/WYgPS6tXTpyMamIMKCJTkzTW6pfejuEO4Tn5n4SkZRCx GwnCmjDdbJUH9zLOkmYN3M3NxV+7xWCVX+mMF2O9D+np1/8zkHt0WDWoAISYf1P/ uS7kudfTeFqpxQH0bu0mZUIsl4ztay7+ICUUMpC1csg6w0P+jK3WNRZO2qUYHH04 dtD/Eb40TVedbPVSm5eNCqqUY4+93JtDo2xolQmo2opHcXpPwkQPt3nvqwdd9RBQ elHWMBFy0kfTB6l/f+20 =RA2A -----END PGP SIGNATURE----- --2PK2AXvijDGFIqERQB1mk36GOmfLmqsmP--