[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-06:01.jail

FreeBSD Security Advisories security-advisories at freebsd.org
Fri Jul 7 07:31:28 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FreeBSD-EN-06:01.jail                                           Errata Notice
                                                          The FreeBSD Project

Topic:          Jail startup scripts may override some global jail_*
                variables.

Category:       core
Module:         etc_rc.d
Announced:      2006-07-07
Credits:        Florent Thoumie, Pawel Dawidek, Cheng-Lung Sung
Affects:        FreeBSD 6.1-RELEASE
Corrected:      2006-07-07 07:25:21 UTC

I.   Background

System startup scripts, typically in /etc/rc.d, control what happens
as a system boots to multi-user mode.  The behavior of those scripts
can be controlled by "global" variables in /etc/rc.conf.

II.  Problem Description

The names of several internal variables in the jail startup script
conflicted with those of global variables that could be set by
administrators.  In addition, some configuration variables are not
properly validated in the jail startup script.

III. Impact

Jails may not have started up as the administrator intended.  If some
configuration variables required by jail configuration in /etc/rc.conf
are not correctly set jail startup may have been attempted by the script
anyway.

IV.   Solution

Do one of the following to update the source tree:

  1) Upgrade your affected system to the RELENG_6_1 errata branch dated
     after the correction date using cvsup(1) or cvs(1).  This is the
     preferred method.  For information on how to use cvsup(1) to update
     your source code see:
       http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

  2) Obtain the updated files using the cvsweb interface.  Cvsweb is a
     Web interface to the CVS repository.  The URL to the general
     interface is "http://www.freebsd.org/cgi/cvsweb.cgi/".  You can
     obtain any of the source files for the RELENG_6_1 branch by going
     to the src  directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src")
     and then selecting the "RELENG_6_1" branch tag.  With the branch
     tag set navigate to the files listed below in the "Correction
     details" section and download them, making sure you get the correct
     revision numbers.  Copy the downloaded files into your /usr/src tree.

If using the second procedure you should make sure you have used that
same procedure to download all previous Errata Notices and Security
Advisories.  We strongly discourage this procedure due to the problems
that may be caused by not doing that - using the first procedure takes
care of making sure all updates get applied.

Then use mergemaster(8) to install the updated startup script support.  Note
that mergemaster(8) will expect to find a normal object file tree having
resulted from doing 'make world' in /usr/src, and will build one if it
does not exist.  If you do not have a recent object file tree you may
want to just manually copy the src/etc/rc.d/jail and src/etc/defaults/rc.conf
files into place.

V.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

- ---------------------------------------------------------------------------
RELENG_6_1

  Revision        Changes    Path
  1.416.2.22.2.5  +3 -0      src/UPDATING
  1.23.2.3.2.2    +102 -91   src/etc/rc.d/jail
  1.69.2.11.2.5   +1 -1      src/sys/conf/newvers.sh

- ---------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQFErgzzFdaIBMps37IRAh17AJwLueUv5ZzXrbZG8qtL1lwgpPZCCgCfYGxE
2oAorGMRBTbqVx/YhKJX1lA=
=Lmti
-----END PGP SIGNATURE-----

More information about the freebsd-announce mailing list