Date: Thu, 28 Sep 2000 14:30:19 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Paulo Fragoso <paulo@nlink.com.br>
Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, freebsd-security@FreeBSD.ORG
Subject: Re: Jail + PostgreSQL
Message-ID: <Pine.NEB.3.96L.1000928142710.7124J-100000@fledge.watson.org>
In-Reply-To: <Pine.BSF.4.10.10009281455440.27708-100000@mirage.nlink.com.br>

I've been taking a look at the SysV IPC code a bit this morning, and it
looks like the problem is that it supports a single integer-based
namespace that is separate from the file system namespace. Leaving aside
criticisms of the design, it looks like we need to perform some sort of
namespace scoping: either allocate independent namespaces for each
jail/partition, or provide stronger inter-jail protection while
maintaining the same namespace. From the perspective of running
applications regardless of the jail, the first of those is preferred.

I'm going to take a further look at it this evening, and could probably
hack together some patches by tomorrow or Sunday, although there may be
some garbage collection issues. I've never used SysV IPC before, so there
may be a bit of a learning curve there. If someone else wants to give
this a hack, that would certainly not be bad :-).

Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

On Thu, 28 Sep 2000, Paulo Fragoso wrote:

> hummmmm.....
>
> On Thu, 28 Sep 2000, Poul-Henning Kamp wrote:
>
> >
> > SYSV IPC is not jail-ified...
> >
> > --
> > Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> > phk@FreeBSD.ORG         | TCP/IP since RFC 956
> > FreeBSD coreteam member | BSD since 4.3-tahoe
> > Never attribute to malice what can adequately be explained by incompetence.
> >
> >
>
> --
>        __O
>      _-\<,_     Why drive when you can bike?
>     (_)/ (_)
>
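
The flat integer namespace the message describes, shown with SysV shared memory: a second process reaches the creator's segment by key alone, with no file system path involved. This is an added example, not code from the thread or from FreeBSD; the key value and function name are constructed, and `fork()` plus `chdir()` only stand in for "another process somewhere else in the file system" (no jail is created).

```c
#include <string.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>

#define DEMO_KEY ((key_t)0x4a41494c)  /* constructed key, assumed unused on the host */
#define DEMO_MSG "written by process A"

/* Returns 1 if a lookup by integer key reaches the creator's segment,
 * 0 if it does not, -1 if SysV shm is unavailable or the key is taken. */
int key_is_visible_across_processes(void)
{
    int id = shmget(DEMO_KEY, 4096, IPC_CREAT | IPC_EXCL | 0600);
    if (id == -1)
        return -1;
    char *p = shmat(id, NULL, 0);
    if (p == (char *)-1) {
        shmctl(id, IPC_RMID, NULL);
        return -1;
    }
    strcpy(p, DEMO_MSG);

    pid_t pid = fork();
    if (pid == 0) {
        /* "Process B": moves elsewhere in the file system, then finds the
         * segment by integer key alone; no path is ever consulted. */
        if (chdir("/") != 0)
            _exit(2);
        int cid = shmget(DEMO_KEY, 0, 0);          /* lookup only, no create */
        char *q = (cid == -1) ? (char *)-1 : shmat(cid, NULL, 0);
        _exit(q != (char *)-1 && strcmp(q, DEMO_MSG) == 0 ? 0 : 1);
    }
    int status = 0, seen = -1;
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        seen = (WEXITSTATUS(status) == 0);

    /* Segments outlive their creator unless removed explicitly, which is
     * why per-jail scoping also has to deal with cleanup. */
    shmdt(p);
    shmctl(id, IPC_RMID, NULL);
    return seen;
}

int main(void)
{
    return key_is_visible_across_processes() == 1 ? 0 : 1;
}
```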