Date: Wed, 07 Jun 2006 00:42:56 +0200
From: Dirk Engling <erdgeist@erdgeist.org>
To: freebsd-rc <freebsd-rc@freebsd.org>
Subject: New feature exec_afterstart
Message-ID: <448604F0.9070406@erdgeist.org>

Hello,

while incorporating some of the jail options grouping stuff into /etc/rc.d/jail I noticed the introduction of a new feature called "exec_afterstart". This has not been discussed here on list but yet was introduced in 1.34 and is going to be MFCed somewhere around soon.

When googling around I found this:

http://www.freebsd.org/cgi/query-pr.cgi?pr=97697

I do not see what this approach yields that cannot simply be accomplished by a second jail on the same jailroot/IP-combination; correct me if I am wrong.

Further, I cannot see what /bin/sh introduces in terms of system (in)security that will not happen to you if you have syscalls.

The patch introduces the same ugly enumeration style that already sucks in the ifconfig rc script and should be deprecated. Correct me if I am wrong.

So I'd strongly vote not to MFC but rather remove this feature.

Btw.: Where do these kinds of discussions normally take place? I mean before things are committed.

Regards

erdgeist