Date: Mon, 3 Apr 2006 23:10:39 +0100 (BST)
From: Robert Watson
To: "Marc G. Fournier"
Cc: Daniel Eischen, freebsd-stable@freebsd.org, Andrew Thompson, Kris Kennaway
Subject: Re: [HACKERS] semaphore usage "port based"?

On Mon, 3 Apr 2006, Marc G. Fournier wrote:

>> The problem here is actually that two postgres instances are trying to use
>> the same semaphore when they are actually different postgres instances.
>
> No, the problem here is that kill(PID, 0) reports that a PID is 'not in use'
> when, in fact, it is, but in a different jail ... can someone explain to me
> how 'not hiding that fact' increases information leakage, or causes a
> security problem?  I could see it if I could then proceed to kill that
> process from a separate jail, but I don't see what as possible ...

So if it's using a different semaphore, why is it finding the semaphore of
another Postgres session and trying to use that?  The problem you're
describing is a property of a collision on a semaphore.  If there's no
semaphore collision, how would it ever find the pid from another jail?

Robert N M Watson
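
The liveness probe the thread is arguing about, as an added example that is not code from this thread or from PostgreSQL: after a collision on a System V semaphore, read the pid of its last user with semctl(GETPID) and test it with kill(pid, 0). It assumes the check works that way; `probe_pid`, `sem_owner_state` and `touch_sem` are hypothetical names, and the semaphore set is constructed for the demo.

```c
/* Added example: "is the last user of this semaphore still alive?" */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/wait.h>
#include <unistd.h>

enum owner_state { OWNER_ALIVE, OWNER_NOT_VISIBLE, OWNER_UNKNOWN };

/* Signal 0 delivers nothing; only the existence and permission checks run. */
enum owner_state probe_pid(pid_t pid)
{
    if (pid <= 0)
        return OWNER_UNKNOWN;        /* no pid recorded on the semaphore */
    if (kill(pid, 0) == 0 || errno == EPERM)
        return OWNER_ALIVE;          /* exists, even if we may not signal it */
    /* ESRCH means "no such process visible to the caller". Per the thread, a
     * live process in another jail is reported this way too. */
    return errno == ESRCH ? OWNER_NOT_VISIBLE : OWNER_UNKNOWN;
}

/* Look up the pid of the last semop() on semaphore 0 and probe it. */
enum owner_state sem_owner_state(int semid)
{
    int pid = semctl(semid, 0, GETPID);
    return pid < 0 ? OWNER_UNKNOWN : probe_pid((pid_t)pid);
}

/* One semop() so the kernel records the caller as the last user. */
int touch_sem(int semid)
{
    struct sembuf up = { .sem_num = 0, .sem_op = 1, .sem_flg = 0 };
    return semop(semid, &up, 1);
}

int main(void)
{
    int semid = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600); /* constructed set */
    if (semid < 0) { perror("semget"); return 1; }
    touch_sem(semid);
    printf("after our semop:   %d\n", sem_owner_state(semid));
    pid_t child = fork();
    if (child == 0) _exit(touch_sem(semid) != 0);
    waitpid(child, NULL, 0);         /* child gone, its pid stays recorded */
    printf("after child exits: %d\n", sem_owner_state(semid));
    semctl(semid, 0, IPC_RMID);
    return 0;
}
```

A caller that treats OWNER_NOT_VISIBLE as "safe to reuse" cannot tell an exited process from one it is not allowed to see, which is why the collision on the semaphore has to exist before the pid check matters at all.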