From owner-freebsd-stable@FreeBSD.ORG Mon Jul 30 05:13:59 2007 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5D87416A420 for ; Mon, 30 Jul 2007 05:13:59 +0000 (UTC) (envelope-from info@plot.uz) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173]) by mx1.freebsd.org (Postfix) with ESMTP id CF2F913C468 for ; Mon, 30 Jul 2007 05:13:58 +0000 (UTC) (envelope-from info@plot.uz) Received: by ug-out-1314.google.com with SMTP id o4so1150246uge for ; Sun, 29 Jul 2007 22:13:57 -0700 (PDT) Received: by 10.67.19.9 with SMTP id w9mr4946039ugi.1185772437307; Sun, 29 Jul 2007 22:13:57 -0700 (PDT) Received: from plot.uz ( [83.221.182.248]) by mx.google.com with ESMTPS id h6sm10853913nfh.2007.07.29.22.13.19 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 29 Jul 2007 22:13:56 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable version=3.1.7 X-Spam-Report: Received: from localhost by plot.uz (MDaemon PRO v9.5.5) with DomainPOP id md50000004116.msg for ; Mon, 30 Jul 2007 10:12:48 +0500 Delivered-To: aleksey@plot.uz Received: by 10.100.111.17 with SMTP id j17cs175903anc; Sun, 29 Jul 2007 19:27:45 -0700 (PDT) Received: by 10.114.66.2 with SMTP id o2mr74775waa.1185762465148; Sun, 29 Jul 2007 19:27:45 -0700 (PDT) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by mx.google.com with ESMTP id l23si3337231waf.2007.07.29.19.27.44; Sun, 29 Jul 2007 19:27:45 -0700 (PDT) Received-SPF: pass (google.com: domain of owner-freebsd-security@freebsd.org designates 69.147.83.53 as permitted sender) Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 2706119454; Mon, 30 Jul 2007 02:26:53 +0000 (UTC) (envelope-from owner-freebsd-security@freebsd.org) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 05B0516A503; Mon, 30 Jul 2007 02:26:53 +0000 (UTC) (envelope-from owner-freebsd-security@freebsd.org) Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DDC3316A41B; Mon, 30 Jul 2007 01:54:22 +0000 (UTC) (envelope-from joel@auscert.org.au) Received: from titania.auscert.org.au (gw.auscert.org.au [203.5.112.28]) by mx1.freebsd.org (Postfix) with ESMTP id 622F813C457; Mon, 30 Jul 2007 01:54:22 +0000 (UTC) (envelope-from joel@auscert.org.au) Received: from app.auscert.org.au (app [10.0.1.192]) by titania.auscert.org.au (8.12.10/8.12.10) with ESMTP id l6U1cL3Y067613; Mon, 30 Jul 2007 11:38:21 +1000 (EST) Received: from app.auscert.org.au (localhost.auscert.org.au [127.0.0.1]) by app.auscert.org.au (8.13.6/8.13.6) with ESMTP id l6U1cKQ4024921; Mon, 30 Jul 2007 11:38:20 +1000 (EST) (envelope-from joel@app.auscert.org.au) Message-Id: <200707300138.l6U1cKQ4024921@app.auscert.org.au> To: "Simon L. Nielsen" In-Reply-To: Your message of "Fri, 27 Jul 2007 11:07:29 +0200." <20070727090729.GA1004@zaphod.nitro.dk> Date: Mon, 30 Jul 2007 11:38:20 +1000 X-Mailman-Approved-At: Mon, 30 Jul 2007 02:26:48 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Errors-To: owner-freebsd-security@freebsd.org X-Return-Path: owner-freebsd-security@freebsd.org X-Envelope-From: owner-freebsd-security@freebsd.org X-MDaemon-Deliver-To: freebsd-stable@freebsd.org X-Spam-Processed: plot.uz, Mon, 30 Jul 2007 10:12:50 +0500 From: Joel Hatton Cc: freebsd-security@FreeBSD.org, freebsd-stable@FreeBSD.org Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail X-BeenThere: freebsd-stable@freebsd.org List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 05:13:59 -0000 Hi Simon, Thanks very much for the patch :) On Fri, 27 Jul 2007 11:07:29 +0200, "Simon L. Nielsen" wrote: > >Your patch is very close to the "correct"/cleaner patch which is >attached. How exactly does it fail without your patch? Does it say >"cannot open : No such file or directory" and then no jails start when >booting (that would be my guess from a quick check of the bug)? Sure does: eval: cannot open : No such file or directory and no jails start. > >Would it be possible for you to test the attached patch and see if it >fixes the issue for you? It does indeed. I was actually pretty foolish in the way that I addressed it, now that I see what your patch does. I was so busy scratching my head at the variables before the 'while' loop that I didn't see that the problem was in the ${_fstab} being fed to it on stdin! > >I haven't heard of this issue before, so not many people are using 5.5 >with jails. The bug was certainly introduced as a merge error in the >with the patch for FreeBSD-SA-07:01.jail. Or maybe they're not patching often enough? Actually, my suspicion is that not many are using the jail_example_mount_enable variable, because without this set the responsible code is never called. > >As this is clearly a bug in a Security Advisory patch and RELENG_5 / >RELENG_5_5 are still supported I expect that an updated advisory will >be released to fix this bug shortly. > >Thanks for reporting the issue, and sorry about the bad patch :-(. No problem! It feels good to help :) I never implement new patches into my prod environment before testing, so this has basically been an interesting exercise for me. cheers, joel -- Joel Hatton -- Infrastructure Manager | Hotline: +61 7 3365 4417 AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 The University of Queensland | WWW: www.auscert.org.au Qld 4072 Australia | Email: auscert@auscert.org.au _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"