Date: Sat, 20 Jan 2007 17:52:32 +0100 From: Stefan Bethke <stb@lassitu.de> To: "Simon L. Nielsen" <simon@freebsd.org> Cc: freebsd-security@freebsd.org, Pawel Jakub Dawidek <pjd@freebsd.org>, Colin Percival <cperciva@freebsd.org>, freebsd-stable@freebsd.org Subject: Re: Improving FreeBSD-SA-07:01.jail fix Message-ID: <178C4510-6CD1-4F32-AA41-BDB6CF35E0C3@lassitu.de> In-Reply-To: <20070120122432.GA971@zaphod.nitro.dk> References: <200701111841.l0BIfWOn015231@freefall.freebsd.org> <45A6DB76.40800@freebsd.org> <20070113112937.GI90718@garage.freebsd.pl> <20070120122432.GA971@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 20.01.2007 um 13:24 schrieb Simon L. Nielsen:
> BTW. with regard to the console.log file I really don't think it
> should be put back inside the jail unless it's possible to make the
> generation of the file entirely inside the jail since it's just not
> worth the risk/complexity.
I'm probably missing something, but why not replace:
_jail_id=$(head -1 ${_tmp_jail})
tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
with:
_jail_id=$(head -1 ${_tmp_jail})
tail +2 ${_tmp_jail} | jexec ${_jail_id} sh -c "cat >/var/log/
console.log"
Stefan
--
Stefan Bethke <stb@lassitu.de> Fon +49 170 346 0140
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?178C4510-6CD1-4F32-AA41-BDB6CF35E0C3>