[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-06:01.jail
FreeBSD Security Advisories
security-advisories at freebsd.org
Fri Jul 7 07:31:28 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FreeBSD-EN-06:01.jail Errata Notice
The FreeBSD Project
Topic: Jail startup scripts may override some global jail_*
variables.
Category: core
Module: etc_rc.d
Announced: 2006-07-07
Credits: Florent Thoumie, Pawel Dawidek, Cheng-Lung Sung
Affects: FreeBSD 6.1-RELEASE
Corrected: 2006-07-07 07:25:21 UTC
I. Background
System startup scripts, typically in /etc/rc.d, control what happens
as a system boots to multi-user mode. The behavior of those scripts
can be controlled by "global" variables in /etc/rc.conf.
II. Problem Description
The names of several internal variables in the jail startup script
conflicted with those of global variables that could be set by
administrators. In addition, some configuration variables are not
properly validated in the jail startup script.
III. Impact
Jails may not have started up as the administrator intended. If some
configuration variables required by jail configuration in /etc/rc.conf
are not correctly set jail startup may have been attempted by the script
anyway.
IV. Solution
Do one of the following to update the source tree:
1) Upgrade your affected system to the RELENG_6_1 errata branch dated
after the correction date using cvsup(1) or cvs(1). This is the
preferred method. For information on how to use cvsup(1) to update
your source code see:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
2) Obtain the updated files using the cvsweb interface. Cvsweb is a
Web interface to the CVS repository. The URL to the general
interface is "http://www.freebsd.org/cgi/cvsweb.cgi/". You can
obtain any of the source files for the RELENG_6_1 branch by going
to the src directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src")
and then selecting the "RELENG_6_1" branch tag. With the branch
tag set navigate to the files listed below in the "Correction
details" section and download them, making sure you get the correct
revision numbers. Copy the downloaded files into your /usr/src tree.
If using the second procedure you should make sure you have used that
same procedure to download all previous Errata Notices and Security
Advisories. We strongly discourage this procedure due to the problems
that may be caused by not doing that - using the first procedure takes
care of making sure all updates get applied.
Then use mergemaster(8) to install the updated startup script support. Note
that mergemaster(8) will expect to find a normal object file tree having
resulted from doing 'make world' in /usr/src, and will build one if it
does not exist. If you do not have a recent object file tree you may
want to just manually copy the src/etc/rc.d/jail and src/etc/defaults/rc.conf
files into place.
V. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
- ---------------------------------------------------------------------------
RELENG_6_1
Revision Changes Path
1.416.2.22.2.5 +3 -0 src/UPDATING
1.23.2.3.2.2 +102 -91 src/etc/rc.d/jail
1.69.2.11.2.5 +1 -1 src/sys/conf/newvers.sh
- ---------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)
iD8DBQFErgzzFdaIBMps37IRAh17AJwLueUv5ZzXrbZG8qtL1lwgpPZCCgCfYGxE
2oAorGMRBTbqVx/YhKJX1lA=
=Lmti
-----END PGP SIGNATURE-----
More information about the freebsd-announce
mailing list