Date: Sun, 2 Apr 2006 23:41:01 -0400 From: Kris Kennaway <kris@obsecurity.org> To: "Marc G. Fournier" <scrappy@postgresql.org> Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers@postgresql.org, freebsd-stable@freebsd.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: [HACKERS] semaphore usage "port based"? Message-ID: <20060403034101.GA58429@xor.obsecurity.org> In-Reply-To: <20060403002830.W947@ganymede.hub.org> References: <26985.1144029657@sss.pgh.pa.us> <20060402231232.C947@ganymede.hub.org> <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403031157.GA57914@xor.obsecurity.org> <27515.1144034269@sss.pgh.pa.us> <20060403032130.GA58053@xor.obsecurity.org> <20060403002830.W947@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 03, 2006 at 12:30:58AM -0300, Marc G. Fournier wrote: > On Sun, 2 Apr 2006, Kris Kennaway wrote: >=20 > >On Sun, Apr 02, 2006 at 11:17:49PM -0400, Tom Lane wrote: > >>Kris Kennaway <kris@obsecurity.org> writes: > >>>On Sun, Apr 02, 2006 at 11:08:11PM -0400, Tom Lane wrote: > >>>>If this is the story, then FBSD have broken their system and must rev= ert > >>>>their change. They do not have kernel behavior that totally hides the > >>>>existence of the other process, and therefore having some calls that > >>>>pretend it's not there is simply inconsistent. > >> > >>>I'm guessing it's a deliberate change to prevent the information > >>>leakage between jails. > >> > >>I have no objection to doing that, so long as you are actually doing it > >>correctly. This example shows that each jail must have its own SysV > >>semaphore key space, else information leaks anyway. > > > >By default SysV shared memory is disallowed in jails. >=20 > 'k, but how do I fix kill so that it has the proper behaviour if SysV is= =20 > enabled? Check the source, perhaps there's already a way. If not, talk to whoever made the change. > Maybe a mount option for procfs that allows for pre-5.x=20 > behaviour? procfs has nothing to do with this though. > I'm not the first one to point out that this is a problem, just=20 > the first to follow it through to the cause ;( And I believe there is=20 > more then just PostgreSQL that is affected by shared memory (ie. apache2= =20 > needs SysV IPC enabled, so anyone doing that in a jail has it enabled=20 > also) ... Also note that SysV IPC is not the problem here, it's the change in the behaviour of kill() that is causing postgresql to become confused. That's what you should investigate. Kris --7AUc2qLy4jB3hD7Z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFEMJlMWry0BWjoQKURAnHBAKD7rWNOJP6UCZAfxJBuzcMp0wDPigCfbYR2 pU2fw/bWoplrZbNwSQegels= =aSql -----END PGP SIGNATURE----- --7AUc2qLy4jB3hD7Z--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060403034101.GA58429>