Date: Mon, 3 Apr 2006 00:30:58 -0300 (ADT) From: "Marc G. Fournier" <scrappy@postgresql.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Tom Lane <tgl@sss.pgh.pa.us>, "Marc G. Fournier" <scrappy@postgresql.org>, freebsd-stable@freebsd.org, pgsql-hackers@postgresql.org Subject: Re: [HACKERS] semaphore usage "port based"? Message-ID: <20060403002830.W947@ganymede.hub.org> In-Reply-To: <20060403032130.GA58053@xor.obsecurity.org> References: <26796.1144028094@sss.pgh.pa.us> <20060402225204.U947@ganymede.hub.org> <26985.1144029657@sss.pgh.pa.us> <20060402231232.C947@ganymede.hub.org> <27148.1144030940@sss.pgh.pa.us> <20060402232832.M947@ganymede.hub.org> <20060402234459.Y947@ganymede.hub.org> <27417.1144033691@sss.pgh.pa.us> <20060403031157.GA57914@xor.obsecurity.org> <27515.1144034269@sss.pgh.pa.us> <20060403032130.GA58053@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 2 Apr 2006, Kris Kennaway wrote: > On Sun, Apr 02, 2006 at 11:17:49PM -0400, Tom Lane wrote: >> Kris Kennaway <kris@obsecurity.org> writes: >>> On Sun, Apr 02, 2006 at 11:08:11PM -0400, Tom Lane wrote: >>>> If this is the story, then FBSD have broken their system and must revert >>>> their change. They do not have kernel behavior that totally hides the >>>> existence of the other process, and therefore having some calls that >>>> pretend it's not there is simply inconsistent. >> >>> I'm guessing it's a deliberate change to prevent the information >>> leakage between jails. >> >> I have no objection to doing that, so long as you are actually doing it >> correctly. This example shows that each jail must have its own SysV >> semaphore key space, else information leaks anyway. > > By default SysV shared memory is disallowed in jails. 'k, but how do I fix kill so that it has the proper behaviour if SysV is enabled? Maybe a mount option for procfs that allows for pre-5.x behaviour? I'm not the first one to point out that this is a problem, just the first to follow it through to the cause ;( And I believe there is more then just PostgreSQL that is affected by shared memory (ie. apache2 needs SysV IPC enabled, so anyone doing that in a jail has it enabled also) ... Basically, I don't care if 'default' is ultra-secure ... but some means to bring it down a notch would be nice ... :( ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060403002830.W947>