List Info

Thread: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
country flaguser name
Denmark		 2007-07-27 04:07:29 

  


  

    On 2007.07.27 17:12:34 +1000, Joel Hatton wrote:

> I'm dredging up an old issue here, but it appears to be unresolved in
> RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that
> my jails wouldn't start anymore, and it comes down to this bit again. By
> way of explanation, I'll include the patch for what I changed.
> 
> --- /tmp/jail   Wed Feb 14 15:16:30 2007
> +++ /etc/rc.d/jail      Fri Jul 27 13:46:51 2007
>  -218,7 +218,7 
>  {
>         local _device _mountpt _rest
>  
> -       while read _device _mountpt _rest; do
> +       cat ${jail_fstab} | while read _device _mountpt _rest; do
>                 case ":${_device}" in
>                 :#* | 
>                         continue
> 
> In short, the jail_mount_fstab function is not given the fstab file on
> which the local variables depend. My patch may not be the most robust but
> for me today it is expedient.

Hey,


Yes, looking at the code now it is clearly wrong.  Guess I/we
(secteam) stared too much at the code so we missed this issue :-/.

Your patch is very close to the "correct"/cleaner patch which is
attached.  How exactly does it fail without your patch?  Does it say
"cannot open : No such file or directory" and then no jails start when
booting (that would be my guess from a quick check of the bug)?

Would it be possible for you to test the attached patch and see if it
fixes the issue for you?

> Sorry if this has been discussed already, but I was surprised that this
> hadn't been fixed yet. It certainly would have caused some anxious moments
> if I'd upgraded a prod server with multiple jails before I realised!


I haven't heard of this issue before, so not many people are using 5.5
with jails.  The bug was certainly introduced as a merge error in the
with the patch for FreeBSD-SA-07:01.jail.

As this is clearly a bug in a Security Advisory patch and RELENG_5 /
RELENG_5_5 are still supported I expect that an updated advisory will
be released to fix this bug shortly.

Thanks for reporting the issue, and sorry about the bad patch :-(.

-- 
Simon L. Nielsen
Hat: FreeBSD Security Team and pointyhat


  

  
  
   
     
    
 
        Approximate file size 622 bytes
    

    
    






 [1]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )