From owner-freebsd-stable@FreeBSD.ORG Fri Jul 27 09:41:43 2007 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 74DBD16A41B for ; Fri, 27 Jul 2007 09:41:43 +0000 (UTC) (envelope-from info@plot.uz) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173]) by mx1.freebsd.org (Postfix) with ESMTP id CEA4413C4D3 for ; Fri, 27 Jul 2007 09:41:42 +0000 (UTC) (envelope-from info@plot.uz) Received: by ug-out-1314.google.com with SMTP id o4so758065uge for ; Fri, 27 Jul 2007 02:41:41 -0700 (PDT) Received: by 10.82.126.5 with SMTP id y5mr2267698buc.1185527587818; Fri, 27 Jul 2007 02:13:07 -0700 (PDT) Received: from plot.uz ( [83.221.169.211]) by mx.google.com with ESMTPS id f7sm11094705nfh.2007.07.27.02.12.46 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 27 Jul 2007 02:13:07 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham version=3.1.7 X-Spam-Report: Received: from localhost by plot.uz (MDaemon PRO v9.5.5) with DomainPOP id md50000004065.msg for ; Fri, 27 Jul 2007 14:11:54 +0500 Delivered-To: aleksey@plot.uz Received: by 10.100.111.17 with SMTP id j17cs18757anc; Fri, 27 Jul 2007 02:08:26 -0700 (PDT) Received: by 10.115.74.1 with SMTP id b1mr2704417wal.1185527305349; Fri, 27 Jul 2007 02:08:25 -0700 (PDT) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by mx.google.com with ESMTP id j21si4071796wah.2007.07.27.02.08.24; Fri, 27 Jul 2007 02:08:25 -0700 (PDT) Received-SPF: pass (google.com: domain of owner-freebsd-security@freebsd.org designates 69.147.83.53 as permitted sender) Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 9D34A5DD1F; Fri, 27 Jul 2007 09:07:23 +0000 (UTC) (envelope-from owner-freebsd-security@freebsd.org) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 948A716A4D0; Fri, 27 Jul 2007 09:07:23 +0000 (UTC) (envelope-from owner-freebsd-security@freebsd.org) Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8CBFC16A418 for ; Fri, 27 Jul 2007 09:07:15 +0000 (UTC) (envelope-from simon@benji.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id 0356F13C467 for ; Fri, 27 Jul 2007 09:07:14 +0000 (UTC) (envelope-from simon@benji.nitro.dk) Received: from benji.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 6FED92DF4B4; Fri, 27 Jul 2007 09:07:13 +0000 (UTC) Received: by benji.nitro.dk (Postfix, from userid 2000) id 3E949FD58; Fri, 27 Jul 2007 11:07:30 +0200 (CEST) Date: Fri, 27 Jul 2007 11:07:29 +0200 To: Joel Hatton Message-ID: <20070727090729.GA1004@zaphod.nitro.dk> References: <45A7034B.3070002@h3q.com> <200707270712.l6R7CYs4064783@app.auscert.org.au> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="GRPZ8SYKNexpdSJ7" Content-Disposition: inline In-Reply-To: <200707270712.l6R7CYs4064783@app.auscert.org.au> User-Agent: Mutt/1.5.16 (2007-06-09) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Errors-To: owner-freebsd-security@freebsd.org X-Return-Path: owner-freebsd-security@freebsd.org X-Envelope-From: owner-freebsd-security@freebsd.org X-MDaemon-Deliver-To: freebsd-stable@freebsd.org X-Spam-Processed: plot.uz, Fri, 27 Jul 2007 14:11:56 +0500 From: "Simon L. Nielsen" Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail X-BeenThere: freebsd-stable@freebsd.org List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2007 09:41:43 -0000 --GRPZ8SYKNexpdSJ7 Content-Type: multipart/mixed; boundary="Qxx1br4bt0+wmkIi" Content-Disposition: inline --Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2007.07.27 17:12:34 +1000, Joel Hatton wrote: > I'm dredging up an old issue here, but it appears to be unresolved in > RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that > my jails wouldn't start anymore, and it comes down to this bit again. By > way of explanation, I'll include the patch for what I changed. >=20 > --- /tmp/jail Wed Feb 14 15:16:30 2007 > +++ /etc/rc.d/jail Fri Jul 27 13:46:51 2007 > @@ -218,7 +218,7 @@ > { > local _device _mountpt _rest > =20 > - while read _device _mountpt _rest; do > + cat ${jail_fstab} | while read _device _mountpt _rest; do > case ":${_device}" in > :#* | :) > continue >=20 > In short, the jail_mount_fstab function is not given the fstab file on > which the local variables depend. My patch may not be the most robust but > for me today it is expedient. Hey, Yes, looking at the code now it is clearly wrong. Guess I/we (secteam) stared too much at the code so we missed this issue :-/. Your patch is very close to the "correct"/cleaner patch which is attached. How exactly does it fail without your patch? Does it say "cannot open : No such file or directory" and then no jails start when booting (that would be my guess from a quick check of the bug)? Would it be possible for you to test the attached patch and see if it fixes the issue for you? > Sorry if this has been discussed already, but I was surprised that this > hadn't been fixed yet. It certainly would have caused some anxious moments > if I'd upgraded a prod server with multiple jails before I realised! I haven't heard of this issue before, so not many people are using 5.5 with jails. The bug was certainly introduced as a merge error in the with the patch for FreeBSD-SA-07:01.jail. As this is clearly a bug in a Security Advisory patch and RELENG_5 / RELENG_5_5 are still supported I expect that an updated advisory will be released to fix this bug shortly. Thanks for reporting the issue, and sorry about the bad patch :-(. --=20 Simon L. Nielsen Hat: FreeBSD Security Team and pointyhat --Qxx1br4bt0+wmkIi Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=jail5_11 Content-Transfer-Encoding: quoted-printable Index: jail =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/etc/rc.d/jail,v retrieving revision 1.15.2.5.2.1 diff -u -d -r1.15.2.5.2.1 jail --- jail 11 Jan 2007 18:19:33 -0000 1.15.2.5.2.1 +++ jail 27 Jul 2007 08:49:37 -0000 @@ -228,7 +228,7 @@ warn "${_mountpt} has symlink as parent - not mounting from ${jail_fsta= b}" return fi - done <${_fstab} + done <${jail_fstab} mount -a -F "${jail_fstab}" } =20 --Qxx1br4bt0+wmkIi-- --GRPZ8SYKNexpdSJ7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGqbXQBJx0gP90kKsRAoYcAJ459927vr4qhpGPmduiQQ0DS8sYuQCeJNPh 2HnAMtOU/KKZw6z0kLCDU7U= =D8WS -----END PGP SIGNATURE----- --GRPZ8SYKNexpdSJ7--