Date: Mon, 3 Apr 2006 15:41:28 -0400 (EDT) From: Daniel Eischen <deischen@freebsd.org> To: "Marc G. Fournier" <scrappy@hub.org> Cc: Peter Jeremy <peterjeremy@optushome.com.au>, freebsd-stable@freebsd.org Subject: Re: [HACKERS] semaphore usage "port based"? Message-ID: <Pine.GSO.4.43.0604031537190.22397-100000@sea.ntplx.net> In-Reply-To: <20060403163039.O947@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Apr 2006, Marc G. Fournier wrote: > On Mon, 3 Apr 2006, Daniel Eischen wrote: > > > > > Or: > > > > 3) Run postgres in such a way that it doesn't look for > > remnant IPC information from other instances (use a > > per-jail-specific port #?). > > > > Postgres has no business cleaning up after different jailed > > instances of itself, which it wouldn't do if IPC's were > > per-jail. So since IPC's don't currently work that way, > > account for it by the way you run postgres. > > This falls under "well,we broke kill() so that it now reports a PID is not > in use even though it is, so its has to be the application that fixes it" No, kill is performing as it should. Se Robert's other response regarding sendmail. > ... and you *still* haven't shown *why* kill() reporting a PID is in use, > even if its not in the current jail, is such a security threat ... For reducing attacks I suppose. But conceptually, something running in a jail shouldn't be allowed to see out. -- DE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.43.0604031537190.22397-100000>