From: "Marc G. Fournier"
To: Andrew Thompson
Cc: "Marc G. Fournier", freebsd-stable@freebsd.org
Date: Mon, 3 Apr 2006 03:08:52 -0300 (ADT)
Subject: Re: [HACKERS] semaphore usage "port based"?
List-Id: Production branch of FreeBSD source code

On Mon, 3 Apr 2006, Andrew Thompson wrote:

> On Mon, Apr 03, 2006 at 01:57:17AM -0300, Marc G. Fournier wrote:
>> On Mon, 3 Apr 2006, Andrew Thompson wrote:
>>
>>> On Mon, Apr 03, 2006 at 01:23:59AM -0300, Marc G. Fournier wrote:
>>>>
>>>> in kern/kern_jail.c, I can see the prison_check() call ... wouldn't one
>>>> want to make the change a bit further up? say in kern_prot.c? wouldn't
>>>> you want to change just cr_cansignal() to allow *just* for 'case 0', when
>>>> someone is just checking to see if a process is already running? I
>>>> wouldn't want to be able to SIGKILL the process from a different jail,
>>>> mind you ... maybe move the check for SIG0 to just before the
>>>> prison_check, since, unless I'm missing something, other than determining
>>>> that a process is, in fact, running, SIG0 is a benign signal?
>>>>
>>>
>>> I think the suggestion was to make this EPERM rather than ESRCH to make
>>> postgres a bit happier, not remove the check entirely. I'm not familiar
>>> with that part of the kernel at all, so I can't say what the consequences
>>> will be apart from the obvious information leak.
>>
>> 'k, first question is 'what information leak' are we trying to protect
>> from? to 'make postgres a bit happier', all that needs to be fixed, from
>> what I can tell, is that cr_cansignal() needs to work for signal 0, but no
>> other signals ... what risk of information leak does that create?
>
> By returning EPERM instead then the kernel is acknowledging that the pid
> exists. In theory jails shouldn't be able to find out info about other
> jails or the base system, postgres just relies on this.

Ah, okay, I understand what you mean ... and yes, this would be perfect ...

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org           Yahoo!: yscrappy              ICQ: 7615664
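
Added example (not part of the thread, and not FreeBSD or PostgreSQL source): the signal-0 probe discussed above, showing the outcomes a caller can tell apart and why EPERM confirms that a PID exists while ESRCH does not. The names `probe_pid`, `owner_may_be_alive` and `reaped_child_pid` are hypothetical, and the lock-owner policy is an assumption made for illustration.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum pid_state {
    PID_SIGNALABLE,     /* kill() returned 0: exists and we may signal it */
    PID_EXISTS_DENIED,  /* EPERM: the kernel admits the PID exists */
    PID_NOT_VISIBLE,    /* ESRCH: no such process as far as we can see */
    PID_ERROR           /* invalid argument or unexpected errno */
};

/* Signal 0 runs the existence and permission checks but delivers nothing. */
enum pid_state probe_pid(pid_t pid)
{
    if (pid <= 0)               /* 0 and negatives address process groups */
        return PID_ERROR;
    if (kill(pid, 0) == 0)
        return PID_SIGNALABLE;
    if (errno == EPERM)
        return PID_EXISTS_DENIED;
    return errno == ESRCH ? PID_NOT_VISIBLE : PID_ERROR;
}

/* Hypothetical lock-owner check: only ESRCH lets the caller treat the
 * recorded PID as dead; EPERM still counts as "someone is there". */
int owner_may_be_alive(pid_t pid)
{
    return probe_pid(pid) != PID_NOT_VISIBLE;
}

/* Constructed input: fork a child that exits at once, reap it, and return
 * its PID, which now names no process. Returns -1 on failure. */
pid_t reaped_child_pid(void)
{
    pid_t child = fork();
    if (child == 0)
        _exit(0);
    if (child < 0 || waitpid(child, NULL, 0) != child)
        return -1;
    return child;
}

int main(void)
{
    pid_t gone = reaped_child_pid();
    printf("self=%d reaped=%d\n", probe_pid(getpid()), probe_pid(gone));
}
```

A kernel that answers ESRCH for a process in another jail makes that process indistinguishable from a reaped one in this probe; answering EPERM would move it into the `PID_EXISTS_DENIED` branch, which is the acknowledgement of existence described in the reply above.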