Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-07-29 Thread Joel Hatton
Hi Simon, Thanks very much for the patch :) On Fri, 27 Jul 2007 11:07:29 +0200, "Simon L. Nielsen" wrote: > >Your patch is very close to the "correct"/cleaner patch which is >attached. How exactly does it fail without your patch? Does it say >"cannot open : No such file or directory" and then n

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-07-27 Thread Simon L. Nielsen
On 2007.07.27 17:12:34 +1000, Joel Hatton wrote: > I'm dredging up an old issue here, but it appears to be unresolved in > RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that > my jails wouldn't start anymore, and it comes down to this bit again. By > way of explanation, I'll

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-07-27 Thread Joel Hatton
Hi, I'm dredging up an old issue here, but it appears to be unresolved in RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that my jails wouldn't start anymore, and it comes down to this bit again. By way of explanation, I'll include the patch for what I changed. --- /tmp/jail

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

2007-01-23 Thread Pawel Jakub Dawidek
On Tue, Jan 23, 2007 at 01:25:08PM +0100, Alexander Leidinger wrote: > Quoting Pawel Jakub Dawidek <[EMAIL PROTECTED]> (from Tue, 23 Jan 2007 > 12:34:44 +0100): > >It looks like it may work, but I still find it a bit risky. If sh(1) can > >reopen the file under some conditions or someone in the fu

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

2007-01-23 Thread Alexander Leidinger
Quoting Pawel Jakub Dawidek <[EMAIL PROTECTED]> (from Tue, 23 Jan 2007 12:34:44 +0100): On Sat, Jan 20, 2007 at 03:24:23PM +0100, Alexander Leidinger wrote: Quoting Pawel Jakub Dawidek <[EMAIL PROTECTED]> (Sat, 20 Jan 2007 14:03:08 +0100): > I fully agree that console.log should be outsid

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

2007-01-23 Thread Pawel Jakub Dawidek
On Sat, Jan 20, 2007 at 03:24:23PM +0100, Alexander Leidinger wrote: > Quoting Pawel Jakub Dawidek <[EMAIL PROTECTED]> (Sat, 20 Jan 2007 14:03:08 > +0100): > > > I fully agree that console.log should be outside a jail. At least no one > > proposed safe solution so far, which also means it's not an

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

2007-01-20 Thread Alexander Leidinger
Quoting Pawel Jakub Dawidek <[EMAIL PROTECTED]> (Sat, 20 Jan 2007 14:03:08 +0100): > I fully agree that console.log should be outside a jail. At least no one > proposed safe solution so far, which also means it's not an easy fix. What's unsafe about my proposal? I did have a look at the code now,

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

2007-01-20 Thread Dirk Engling
Pawel Jakub Dawidek wrote: > When -J operates on a file inside a jail, it creates the same security > hole as the one from security advisory, because it opens a file before > calling jail(2). > I fully agree that console.log should be outside a jail. A

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

2007-01-20 Thread Simon L. Nielsen
On 2007.01.20 14:03:08 +0100, Pawel Jakub Dawidek wrote: > On Sat, Jan 20, 2007 at 01:24:33PM +0100, Simon L. Nielsen wrote: > [...] > > BTW. with regard to the console.log file I really don't think it > > should be put back inside the jail unless it's possible to make the > > generation of the fil

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

2007-01-20 Thread Pawel Jakub Dawidek
On Sat, Jan 20, 2007 at 01:24:33PM +0100, Simon L. Nielsen wrote: [...] > BTW. with regard to the console.log file I really don't think it > should be put back inside the jail unless it's possible to make the > generation of the file entirely inside the jail since it's just not > worth the risk/com

Re: Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

2007-01-20 Thread Simon L. Nielsen
On 2007.01.13 12:29:37 +0100, Pawel Jakub Dawidek wrote: > On Thu, Jan 11, 2007 at 04:51:02PM -0800, Colin Percival wrote: > > Hello Everyone, > > > > I usually let security advisories speak for themselves, but I want to call > > special attention to this one: If you use jails, READ THE ADVISORY,

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-20 Thread Jeremie Le Hen
Hi Colin, On Thu, Jan 11, 2007 at 04:51:02PM -0800, Colin Percival wrote: > Hello Everyone, > > I usually let security advisories speak for themselves, but I want to call > special attention to this one: If you use jails, READ THE ADVISORY, in > particular the "NOTE WELL" part below; and if you h

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-17 Thread Dmitry Frolov
* Colin Percival <[EMAIL PROTECTED]> [12.01.2007 06:53]: > Hello Everyone, > > I usually let security advisories speak for themselves, but I want to call > special attention to this one: If you use jails, READ THE ADVISORY, in > particular the "NOTE WELL" part below; and if you have problems afte

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-13 Thread Pawel Jakub Dawidek
On Thu, Jan 11, 2007 at 04:51:02PM -0800, Colin Percival wrote: > Hello Everyone, > > I usually let security advisories speak for themselves, but I want to call > special attention to this one: If you use jails, READ THE ADVISORY, in > particular the "NOTE WELL" part below; and if you have problem

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-11 Thread Colin Percival
Philipp Wuensche wrote: > Colin Percival wrote: >> In the end we opted to reduce functionality (the jail startup process is >> no longer logged to /var/log/console.log inside the jail) > > That's a bummer, when Dirk showed me this problem the first time my ideas > for fixing this problem without lo

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-11 Thread Mark Andrews
> I'm not sure I understand that quite correctly, where is this problem > appearing? > > Other things: > > tail is used in line 230: tail -r ${_fstab} | while read _device > _mountpt _rest; do > > If the per-jail fstab is larger than 10 lines, which is the default of > tail to show, the remaining

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-11 Thread Philipp Wuensche
Mark Andrews wrote: >> I'm not sure I understand that quite correctly, where is this problem >> appearing? >> >> Other things: >> >> tail is used in line 230: tail -r ${_fstab} | while read _device >> _mountpt _rest; do >> >> If the per-jail fstab is larger than 10 lines, which is the default of >> t

Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-11 Thread Philipp Wuensche
Colin Percival wrote: > Hello Everyone, > > I usually let security advisories speak for themselves, but I want to call > special attention to this one: If you use jails, READ THE ADVISORY, in > particular the "NOTE WELL" part below; and if you have problems after applying > the security patch, LET

HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

2007-01-11 Thread Colin Percival
Hello Everyone, I usually let security advisories speak for themselves, but I want to call special attention to this one: If you use jails, READ THE ADVISORY, in particular the "NOTE WELL" part below; and if you have problems after applying the security patch, LET US KNOW -- we do everything we ca