From: Ivan Voras
Date: Thu, 10 Dec 2009 10:59:20 +0100
Message-ID: <9bbcef730912100159s49704c18o1225d060c422b273@mail.gmail.com>
To: Robert Watson
Cc: freebsd-hackers@freebsd.org, Linda Messerschmidt
Subject: Re: UNIX domain sockets on nullfs still broken?

2009/12/10 Robert Watson:
>
> On Tue, 1 Dec 2009, Linda Messerschmidt wrote:
>
>> On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras wrote:
>>>>
>>>> What's the sane solution, then, when the only method of communication
>>>> is unix domain sockets?
>>>
>>> It is a security problem. I think the long-term solution would be to add
>>> a sysctl analogous to security.jail.param.securelevel to handle this.
>>
>> Out of curiosity, why is allowing access to a Unix domain socket in a
>> filesystem to which a jail has explicitly been allowed access more or less
>> secure than allowing access to a file or a devfs node in a filesystem to
>> which a jail has explicitly been allowed access?
>
> (I seem to have caught this thread rather late in the game due to being on
> travel) -- Ivan is wrong about nullfs, it's broken due to a bug, not a
> feature, and that bug is not present when using a single file system.  He's
> thinking of unionfs semantics, where if it worked it would be a bug.  :-)

You have a point there. I was actually thinking more of sysvshm - which doesn't have anything to do with any of the issues here - but has some of the same properties (and is also used by databases - e.g. postgresql, which I'm using daily so it sort of cross-linked). The reason I'd like the nullfs barrier kept is that it (like shm) is used for IPC, and in this case, IPC across different jails (though a file system itself can also be used so...).

It's not a big issue - I'll also accept that it's the operator's fault if he doesn't know sharing file systems will also share sockets and fifos on it...
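
An operator-side check for the point made in the last paragraph, added here as an example and not part of the original message: it walks a directory tree that is shared between jails and lists the sockets and FIFOs living on it, flagging the world-writable ones. The function names and the sample tree are constructed for illustration.

```python
import os
import socket
import stat
import tempfile


def find_ipc_endpoints(root):
    """Return (relative path, kind, mode, world_writable) per socket/FIFO under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            except OSError:
                continue  # entry vanished while walking
            if stat.S_ISSOCK(st.st_mode):
                kind = "socket"
            elif stat.S_ISFIFO(st.st_mode):
                kind = "fifo"
            else:
                continue  # regular files, devices, symlinks are out of scope here
            mode = stat.S_IMODE(st.st_mode)
            findings.append((os.path.relpath(path, root), kind, mode,
                             bool(mode & stat.S_IWOTH)))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: a directory standing in for a tree shared between jails."""
    root = tempfile.mkdtemp(prefix="shared-")
    os.mkdir(os.path.join(root, "run"))
    sock_path = os.path.join(root, "run", "db.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)  # bind() creates the socket node in the file system
    srv.close()          # the node stays on disk until it is unlinked
    os.chmod(sock_path, 0o777)
    fifo_path = os.path.join(root, "run", "ctl.fifo")
    os.mkfifo(fifo_path)
    os.chmod(fifo_path, 0o600)
    with open(os.path.join(root, "data.txt"), "w") as fh:
        fh.write("regular file, ignored\n")
    return root


if __name__ == "__main__":
    for rel, kind, mode, exposed in find_ipc_endpoints(build_sample_tree()):
        flag = "WORLD-WRITABLE" if exposed else "restricted"
        print(f"{kind:6} {mode:04o} {flag:14} {rel}")
```

Run against the host-side path of each directory exported into more than one jail; every entry it reports is an IPC endpoint whose reachability is governed only by file permissions on the shared tree.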