Date: Mon, 15 Jan 2007 22:15:26 +0100 From: Dirk Engling <erdgeist@erdgeist.org> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-security@freebsd.org Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail Message-ID: <45ABEEEE.4030609@erdgeist.org> In-Reply-To: <20070115210826.GA2839@garage.freebsd.pl> References: <200701111841.l0BIfWOn015231@freefall.freebsd.org> <45A6DB76.40800@freebsd.org> <20070113112937.GI90718@garage.freebsd.pl> <45ABDC7C.6060407@erdgeist.org> <20070115210826.GA2839@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pawel Jakub Dawidek wrote:
> In other words, it may break existing configurations.
Sorry, I meant "pwd -P" and assumed that, according to pwds man page, to
be default.
>> cd ${jail_root}
>> j_root=`pwd`
>> cd ${jail_var_log_dir}
>> j_var_log=`pwd`
>> eval evil_doer=\$\{j_var_log#${j_root}\}
>> [ "$evil_doer" = "$j_var_log" ] && exit
>
> --> Race <--
>
>> cp -f ${temp_log} console.log
No, since that directory is your cwd, you operate on ./ which wont
change by setting soft links along the path. You won't even be able to
remove that directory in the first place since the directories vnode is
locked.
Regards
erdgeist
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFFq+7tImmQdUyYEgkRAiJ2AJoCdbM8rPn8F/8atVBRzwGcJOZhHQCeO6Hi
ILSZnZ7jgsUhOiZi3M6fkDo=
=0IXe
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45ABEEEE.4030609>