Date: Mon, 30 Jul 2007 11:38:20 +1000 From: Joel Hatton <info@plot.uz> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: freebsd-security@FreeBSD.org, freebsd-stable@FreeBSD.org Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail Message-ID: <200707300138.l6U1cKQ4024921@app.auscert.org.au> In-Reply-To: Your message of "Fri, 27 Jul 2007 11:07:29 %2B0200." <20070727090729.GA1004@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Simon,
Thanks very much for the patch :)
On Fri, 27 Jul 2007 11:07:29 +0200, "Simon L. Nielsen" wrote:
>
>Your patch is very close to the "correct"/cleaner patch which is
>attached. How exactly does it fail without your patch? Does it say
>"cannot open : No such file or directory" and then no jails start when
>booting (that would be my guess from a quick check of the bug)?
Sure does:
eval: cannot open : No such file or directory
and no jails start.
>
>Would it be possible for you to test the attached patch and see if it
>fixes the issue for you?
It does indeed. I was actually pretty foolish in the way that I addressed
it, now that I see what your patch does. I was so busy scratching my head
at the variables before the 'while' loop that I didn't see that the problem
was in the ${_fstab} being fed to it on stdin!
>
>I haven't heard of this issue before, so not many people are using 5.5
>with jails. The bug was certainly introduced as a merge error in the
>with the patch for FreeBSD-SA-07:01.jail.
Or maybe they're not patching often enough? Actually, my suspicion is that
not many are using the jail_example_mount_enable variable, because without
this set the responsible code is never called.
>
>As this is clearly a bug in a Security Advisory patch and RELENG_5 /
>RELENG_5_5 are still supported I expect that an updated advisory will
>be released to fix this bug shortly.
>
>Thanks for reporting the issue, and sorry about the bad patch :-(.
No problem! It feels good to help :) I never implement new patches into
my prod environment before testing, so this has basically been an
interesting exercise for me.
cheers,
joel
-- Joel Hatton --
Infrastructure Manager | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert@auscert.org.au
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707300138.l6U1cKQ4024921>