From owner-freebsd-security@FreeBSD.ORG Thu Aug 28 18:24:19 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E3F7B106567F for ; Thu, 28 Aug 2008 18:24:19 +0000 (UTC) (envelope-from spawk@acm.poly.edu) Received: from acm.poly.edu (acm.poly.edu [128.238.9.200]) by mx1.freebsd.org (Postfix) with ESMTP id AD4808FC15 for ; Thu, 28 Aug 2008 18:24:19 +0000 (UTC) (envelope-from spawk@acm.poly.edu) Received: (qmail 36818 invoked from network); 28 Aug 2008 17:57:37 -0000 Received: from unknown (HELO ?10.0.0.135?) (spawk@128.238.64.31) by acm.poly.edu with AES256-SHA encrypted SMTP; 28 Aug 2008 17:57:37 -0000 Message-ID: <48B6E6EB.1030305@acm.poly.edu> Date: Thu, 28 Aug 2008 13:56:59 -0400 From: Boris Kochergin User-Agent: Thunderbird 2.0.0.16 (X11/20080727) MIME-Version: 1.0 To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: ACLs overriding umasks? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Aug 2008 18:24:20 -0000 Hi, list. A few years ago, there were plans to add an option to the filesystem ACL implementation that would allow ACLs to override umasks when creating files. I haven't been able to find anything else conclusive on the matter and was wondering if it was ever implemented. Thanks. -Boris From owner-freebsd-security@FreeBSD.ORG Fri Aug 29 09:00:41 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D2949106567D for ; Fri, 29 Aug 2008 09:00:41 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.freebsd.org (Postfix) with ESMTP id AEC298FC0A for ; Fri, 29 Aug 2008 09:00:41 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 2682446C4F; Fri, 29 Aug 2008 05:00:41 -0400 (EDT) Date: Fri, 29 Aug 2008 10:00:41 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Boris Kochergin In-Reply-To: <48B6E6EB.1030305@acm.poly.edu> Message-ID: References: <48B6E6EB.1030305@acm.poly.edu> User-Agent: Alpine 1.10 (BSF 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@freebsd.org Subject: Re: ACLs overriding umasks? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2008 09:00:41 -0000 On Thu, 28 Aug 2008, Boris Kochergin wrote: > Hi, list. A few years ago, there were plans to add an option to the > filesystem ACL implementation that would allow ACLs to override umasks when > creating files. I haven't been able to find anything else conclusive on the > matter and was wondering if it was ever implemented. Thanks. Hi Boris: The quick answer is: no, that hasn't happened yet, but it would be nice to do it for 8.0. There's a large in-progress project as part of Google Summer of Code to implement NFSv4 ACLs as well, which we should hear more on soon now that the summer is wrapping up. Robert N M Watson Computer Laboratory University of Cambridge From owner-freebsd-security@FreeBSD.ORG Sat Aug 30 21:37:03 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 24E4A106564A for ; Sat, 30 Aug 2008 21:37:03 +0000 (UTC) (envelope-from tethys.ocean@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.28]) by mx1.freebsd.org (Postfix) with ESMTP id D6FAE8FC13 for ; Sat, 30 Aug 2008 21:37:02 +0000 (UTC) (envelope-from tethys.ocean@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so773630yxb.13 for ; Sat, 30 Aug 2008 14:37:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:mime-version:content-type; bh=2deaekeLfAozsLqTZ6l0ZZCnPWw53XlLu4QGdWjFolg=; b=AKBK/A9C2cCu0HNYj9ual7zy9Wq6K/kob6ChfvTixRYa5sMPTOBERHpkS2lOJMcOGj 81w/w7Ir2UcTb0A81M3WO2PM9xwujB6VuhpX1YNCqyRJK1JMUEMrLzHBMVc5UlXdmVn1 WcviHY8v/QDgBqxyrijoRCE5LCE29Ne+gT76E= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:mime-version:content-type; b=jmVWWekNVr2j0K+5oYQXOl6Y9Svb1L59f7dzIX4CIiFVk5dQcZdIq5V6ElIGD95YWv y0hLTd0jm0gKPDXlTEAJhfTl7bjktT6G9w9BA0uXBbgUJtVJBXt8lChOICUBaDTjyMYY pLKBUOXm7IJEO4MgQD91YUFGmiGGgOACqp0C0= Received: by 10.151.46.3 with SMTP id y3mr6312288ybj.225.1220130511717; Sat, 30 Aug 2008 14:08:31 -0700 (PDT) Received: by 10.151.13.20 with HTTP; Sat, 30 Aug 2008 14:08:31 -0700 (PDT) Message-ID: <235b80000808301408v49e91675se91a257e257537fc@mail.gmail.com> Date: Sun, 31 Aug 2008 00:08:31 +0300 From: "tethys ocean" To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-9 Content-Transfer-Encoding: base64 Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security@freebsd.org Subject: jail stop extracting iso file X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Aug 2008 21:37:03 -0000 SGkgYWxsCgpJbiBzZXJ2ZXIgamFpbCBhbmQgc3F1aWQgaXMgcnVubmluZyBvbiBpdCAgYXMgbG90 cyBvZiBhbm90aGVyIHBhY2tldC4gaSB3YW50CnRvIGV4dHJhY3QgaXNvIGltYWdlIGluIHRoaXMg c2VydmVyLiAgQnV0IGkgaGF2ZW50IGRvIGl0LgoKI21kY29uZmlnIC1hIC10IHZub2RlIC1mIGJp Z19iY2Jjdi5pc28KI21kY29uZmlnOiBvcGVuKC9kZXYvbWRjdGwpOiBObyBzdWNoIGZpbGUgb3Ig ZGlyZWN0b3J5CgojbHMgLWwgL2Rldi9tZCoKI2xzIC1scyAvZGV2L21kY3RsCmxzOiAvZGV2L21k Y3RsOiBObyBzdWNoIGZpbGUgb3IgZGlyZWN0b3J5CgoKaSBhbSBub3QgZmFtaWxpYXIgd2l0aCBq YWlsLiAgb25seSBpIGNhbiBleHRyYWN0IG15IGlzbyBmaWxlLiDdIHN1cHBvc2UgdGhhdApqYWls IHN0b3AgbWUsIGphaWwgYmxvY2tpbmcgbWUgZm9yIGFjY2VzcyBzb21lIHNvdXJjZQoKCmlzIGl0 IHRydWU/CgoxLWhvdyBjYW4gZXh0cmFjdCB0aGlzIGlzbyBmaWxlCjItaXMgamFpbCBzdG9wIG1l PyAgb3IgYW55IG90aGVyIHRyb3VibGUgYWJvdXQgbXkgbWRjdGw/CgpyZWdhcmQKLS0gClNoYXJl IG5vdyBhIHBpZ2VvbidzIGZsaWdodApCbHVlYm91bmQgYWxvbmcgdGhlIGFuY2llbnQgc2tpZXMs Ckl0cyB3b21lbiBmb3JldmVyIGhhaXIgYW5kIG1hbW1hbCwKQSBNZWRpdGVycmFuZWFuIHRvd24g bWF5IGFyaXNlCklmIHlvdSByaXAgYXBhcnQgYSBwaWdlb24ncyBoZWFydC4K From owner-freebsd-security@FreeBSD.ORG Sat Aug 30 23:32:55 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E9D5A1065684 for ; Sat, 30 Aug 2008 23:32:55 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.freebsd.org (Postfix) with ESMTP id BAFA88FC0A for ; Sat, 30 Aug 2008 23:32:55 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 1858C46BBA; Sat, 30 Aug 2008 19:32:55 -0400 (EDT) Date: Sun, 31 Aug 2008 00:32:55 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: tethys ocean In-Reply-To: <235b80000808301408v49e91675se91a257e257537fc@mail.gmail.com> Message-ID: References: <235b80000808301408v49e91675se91a257e257537fc@mail.gmail.com> User-Agent: Alpine 1.10 (BSF 962 2008-03-14) MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="621616949-622196834-1220139175=:34812" Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: jail stop extracting iso file X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Aug 2008 23:32:56 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --621616949-622196834-1220139175=:34812 Content-Type: TEXT/PLAIN; charset=ISO-8859-9; format=flowed Content-Transfer-Encoding: 8BIT On Sun, 31 Aug 2008, tethys ocean wrote: > In server jail and squid is running on it as lots of another packet. i want > to extract iso image in this server. But i havent do it. You are correct that direct manipulation of md(4) devices is not allowed in jail. However, you may be running on a version FreeBSD in which tar(1) can be used to extract iso files, which is quite a bit more convenient for many uses. Robert N M Watson Computer Laboratory University of Cambridge > > #mdconfig -a -t vnode -f big_bcbcv.iso > #mdconfig: open(/dev/mdctl): No such file or directory > > #ls -l /dev/md* > #ls -ls /dev/mdctl > ls: /dev/mdctl: No such file or directory > > > i am not familiar with jail. only i can extract my iso file. Ý suppose that > jail stop me, jail blocking me for access some source > > > is it true? > > 1-how can extract this iso file > 2-is jail stop me? or any other trouble about my mdctl? > > regard > -- > Share now a pigeon's flight > Bluebound along the ancient skies, > Its women forever hair and mammal, > A Mediterranean town may arise > If you rip apart a pigeon's heart. --621616949-622196834-1220139175=:34812--