Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 16 Apr 2010 04:20:26 -0600
From:      "Erich Jenkins, Fuujin Group Ltd" <erich@fuujingroup.com>
To:        glarkin@FreeBSD.org
Cc:        freebsd-bugs@freebsd.org, freebsd-jail@freebsd.org, smithi@nimnet.asn.au
Subject:   Re: jail file and directory permissions
Message-ID:  <4BC839EA.30307@fuujingroup.com>
In-Reply-To: <4BC7C33B.9000107@FreeBSD.org>
References:  <4BC2C578.9080108@fuujingroup.com>	<i2l8250ac3f1004120043ga734bbe0s952dda5712ea38a5@mail.gmail.com>	<4BC2E662.1050007@fuujingroup.com>	<4BC31B31.6060201@FreeBSD.org> <4BC3A948.7010601@fuujingroup.com> <4BC4C91D.7020107@fuujingroup.com> <4BC7C33B.9000107@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Greg Larkin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Erich Jenkins, Fuujin Group Ltd wrote:
>> Erich Jenkins, Fuujin Group Ltd wrote:
>>> Greg Larkin wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Erich Jenkins, Fuujin Group Ltd wrote:
>>>>> Kalle Møller wrote:
>>>>> <snip>
>>>>>> Could you please make a command list on what your doing and with
>>>>>> output.. like this ...
>>>>>>
>>>>>> -- 
>> <snip>
> 
> Hi Erich,
> 
> I'm glad to hear that you got everything sorted out!  If it's possible
> to set up the previous environment in a virtual machine or some spare
> hardware and grant me an ssh login, I would be interested in doing more
> tests to see if I can figure out what's going on.
> 
> Whether there's a bug in the jail subsystem or a hole in the
> provisioning process that allows the privilege escalation, it would
> certainly be good to find the root cause.
> 
> Thank you,
> Greg
> - --
> Greg Larkin
> 
> http://www.FreeBSD.org/           - The Power To Serve
> http://www.sourcehosting.net/     - Ready. Set. Code.
> http://twitter.com/sourcehosting/ - Follow me, follow you
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iD8DBQFLx8M70sRouByUApARAnpwAJ0f2+XC2hwTSrkO/v8DUPXpchdHygCeMWc0
> M4E6SOz8kPRJYdwTXOkF2lY=
> =z7l7
> -----END PGP SIGNATURE-----
> 
Greg:

I'd be happy to get this set up in the lab for you to look at, but at 
the moment, all of our lab machines are in use (I rolled this box over 
to a community project after buildworld "cleaned" it up). I try to 
provide hardware resources to FreeBSD committers and developers hunting 
down problems, and at the moment, I'm at the limit, there's no hardware 
left.

As soon as something becomes available, I'll drop you a line and get 
this onto a test server. Generally, I create a VRF for each test 
environment with outside access via ssh and an internet connection for 
fetching whatever may be necessary (most often 10mbps). OpenVPN access 
is also available depending on what the committer/developer wants.

Thank you again for your interest in this anomaly (for lack of a better 
description). I'll get something up for you as soon as a box becomes 
available. Any preference on platform (considering this did not seem to 
be platform dependent)? I can do sparc64, amd64/x86-64, itanium2, and 
i386/x86-32. The environment I'm experiencing the problem in is x86-32, 
and I think someone is almost done with a DL580-G3, so I can roll that 
out when it becomes available.


Erich M. Jenkins
Fuujin Group Limited


"You should never, never doubt what no one is sure about."
-- Gene Wilder



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BC839EA.30307>