From owner-freebsd-security@FreeBSD.ORG Tue Jan 23 12:43:39 2007
Date: Tue, 23 Jan 2007 13:42:48 +0100
From: Pawel Jakub Dawidek
To: Alexander Leidinger
Message-ID: <20070123124247.GC11767@garage.freebsd.pl>
References: <200701111841.l0BIfWOn015231@freefall.freebsd.org>
 <45A6DB76.40800@freebsd.org>
 <20070113112937.GI90718@garage.freebsd.pl>
 <20070120122432.GA971@zaphod.nitro.dk>
 <20070120130308.GD6697@garage.freebsd.pl>
 <20070120152423.3195b15b@Magellan.Leidinger.net>
 <20070123113444.GB11767@garage.freebsd.pl>
 <20070123132508.oy4elyx7kkogokkg@webmail.leidinger.net>
In-Reply-To: <20070123132508.oy4elyx7kkogokkg@webmail.leidinger.net>
X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc
X-OS: FreeBSD 7.0-CURRENT i386
User-Agent: mutt-ng/devel-r804 (FreeBSD)
Cc: freebsd-security@FreeBSD.org, freebsd-stable@FreeBSD.org, Colin Percival, "Simon L. Nielsen"
Subject: Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

On Tue, Jan 23, 2007 at 01:25:08PM +0100, Alexander Leidinger wrote:
> Quoting Pawel Jakub Dawidek (from Tue, 23 Jan 2007 12:34:44 +0100):
> >It looks like it may work, but I still find it a bit risky. If sh(1) can
> >reopen the file under some conditions or someone in the future will
> >modify sh(1) in that way (because he won't be aware that such a change
> >may have impact on system security) we will have a security hole.
> >Chances are small, but I'm not going to be the one who will accept that
> >change:)
>
> The spawned subshell is like a command. It doesn't make sense to reopen
> the file for a command. It's like saying we open and close the file for
> each line. I didn't calculate the probability of this happening, but I
> would be very surprised if it is significant. Just think about the
> performance of such behavior (or a more complex logic
> [...] And if you think about such unlikely stuff happening, you should
> also think about some other stuff we are not prepared to
> survive. [...]

Come on, this argument always stands. I only wanted to point out that we
should be extra careful with building security on top of tools that are
not intended for this purpose.

> [...] But feel free to propose a better solution for the problem.

The solution was proposed already - keep console.log outside of the jail.
Don't read my comment as a "no" vote for your solution. If secteam@
decide there is nothing to worry about - fine by me.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!