Date: Wed, 10 Aug 2005 00:21:17 +0200 From: Stefan Bethke <stb@lassitu.de> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: drvince@anonymnet.net, freebsd-current@FreeBSD.org Subject: Re: More into /etc/rc.d/jail Message-ID: <4204340F-B78E-4913-8B0A-563335266EA9@lassitu.de> In-Reply-To: <20050809220809.GD928@zaphod.nitro.dk> References: <N1-uLBXxM-zn8@Safe-mail.net> <96153776-0BE4-456F-B573-042E84730DFE@lassitu.de> <20050809220809.GD928@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 10.08.2005 um 00:08 schrieb Simon L. Nielsen:
> On 2005.08.09 23:30:26 +0200, Stefan Bethke wrote:
>
>> sed -e 's/#.*$//' <${mdconfig_conf} |grep -v '^[[:space:]]*$'
>> >/tmp/mdconfig.$$
>
> Try searching the web for "temporary file symlink attack"... (hint:
> creating temorary files like that is bad, use mktemp).
Again, thanks for the hint. This was meant as a starting point; it
was hacked together as a stop-gap measure in twenty minutes. (And has
persisted over six months now...)
As to the actual problem:
- It should run late in the startup sequence, so cleantmp should have
run.
- I cribbed the use directly off some other script... let's see...
ah, it's /etc/rc.d/jail.
- The host for all the jails should be inaccessible for anyone except
myself and my admin colleague. (And yes, there's no services running
there apart from sshd.)
I would be more than happy for someone else taking this script,
polishing it, and getting it committed, so I don't have to rememeber
not nuking it on the next mergemaster :-)
Cheers,
Stefan
--
Stefan Bethke <stb@lassitu.de> Fon +49 170 346 0140
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4204340F-B78E-4913-8B0A-563335266EA9>