Date: Wed, 07 Jun 2006 01:05:54 +0100
From: Florent Thoumie <flz@FreeBSD.org>
To: Dirk Engling <erdgeist@erdgeist.org>
Cc: matteo@FreeBSD.org, freebsd-rc <freebsd-rc@freebsd.org>, deyan.dyankov@gmail.com
Subject: Re: New feature exec_afterstart
Message-ID: <1149638754.7125.8.camel@localhost>
In-Reply-To: <448604F0.9070406@erdgeist.org>
References: <448604F0.9070406@erdgeist.org>

On Wed, 2006-06-07 at 00:42 +0200, Dirk Engling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> while incorporating some of the jail options grouping stuff into
> /etc/rc.d/jail I noticed the introduction of a new feature called
> "exec_afterstart".
>
> This has not been discussed here on list but yet was introduced in 1.34
> and is going to be MFCed somewhere around soon.
>
> When googling around I found this:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=97697
>
> I do not see, what this approach yields that cannot simply be
> accomplished by a second jail on the same jailroot/IP-combination,
> correct me, if I am wrong. Further I can not see, what /bin/sh
> introduces in terms of system (in)security that will not happen to you
> if you have syscalls.

The /bin/sh thing seemed debatable to me but I didn't investigate
enough to ask for backout.

> The patch introduces the same ugly enumeration style that already sucks
> in the ifconfig rc script and should be deprecated. Correct me, if I am
> wrong.
>
> So I'd strongly vote not to MFC but rather remove this feature.

It still can be discussed now.

> Btw.: Where do these kinds of discussions normally take place? I mean
> before things are committed.

Here and in gnats. See conf and rc PRs.

PS: Matteo and submitter CC'ed.

-- 
Florent Thoumie
flz@FreeBSD.org
FreeBSD Committer