From: Stefan Bethke
Date: Sat, 20 Jan 2007 17:52:32 +0100
To: "Simon L. Nielsen"
Cc: freebsd-security@freebsd.org, Pawel Jakub Dawidek, Colin Percival, freebsd-stable@freebsd.org
Subject: Re: Improving FreeBSD-SA-07:01.jail fix

On 20.01.2007 at 13:24, Simon L. Nielsen wrote:

> BTW. with regard to the console.log file I really don't think it
> should be put back inside the jail unless it's possible to make the
> generation of the file entirely inside the jail since it's just not
> worth the risk/complexity.

I'm probably missing something, but why not replace:

    _jail_id=$(head -1 ${_tmp_jail})
    tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log

with:

    _jail_id=$(head -1 ${_tmp_jail})
    tail +2 ${_tmp_jail} | jexec ${_jail_id} sh -c "cat >/var/log/console.log"

Stefan

-- 
Stefan Bethke Fon +49 170 346 0140