From: Florent Thoumie
To: Dirk Engling
Cc: matteo@FreeBSD.org, freebsd-rc, deyan.dyankov@gmail.com
Subject: Re: New feature exec_afterstart
Date: Wed, 07 Jun 2006 01:05:54 +0100
Message-Id: <1149638754.7125.8.camel@localhost>
In-Reply-To: <448604F0.9070406@erdgeist.org>
List-Id: "Discussion related to /etc/rc.d design and implementation."

On Wed, 2006-06-07 at 00:42 +0200, Dirk Engling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> while incorporating some of the jail options grouping stuff into
> /etc/rc.d/jail I noticed the introduction of a new feature called
> "exec_afterstart".
>
> This has not been discussed here on list but yet was introduced in 1.34
> and is going to be MFCed somewhere around soon.
>
> When googling around I found this:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=97697
>
> I do not see, what this approach yields that cannot simply be
> accomplished by a second jail on the same jailroot/IP-combination,
> correct me, if I am wrong. Further I can not see, what /bin/sh
> introduces in terms of system (in)security that will not happen to you
> if you have syscalls.

The /bin/sh thing seemed discutable to me but I didn't investigate
enough to ask for backout.

> The patch introduces the same ugly enumeration style that already sucks
> in the ifconfig rc script and should be deprecated. Correct me, if I am
> wrong.
>
> So I'd strongly vote to not to MFC but rather remove this feature.

It still can be discussed now.

> Btw.: Where do these kinds of discussions normally take place? I mean
> before things are committed.

Here and in gnats. See conf and rc PRs.

PS: Matteo and submitter CC'ed.

--
Florent Thoumie
flz@FreeBSD.org
FreeBSD Committer