jail file and directory permissions
Erich Jenkins, Fuujin Group Ltd
erich at fuujingroup.com
Fri Apr 16 09:20:36 UTC 2010
Greg Larkin wrote:
> Erich Jenkins, Fuujin Group Ltd wrote:
>> Erich Jenkins, Fuujin Group Ltd wrote:
>>> Greg Larkin wrote:
>>>> Erich Jenkins, Fuujin Group Ltd wrote:
>>>>> Kalle Møller wrote:
>>>>> <snip>
>>>>>> Could you please make a command list of what you're doing, with
>>>>>> output, like this ...
>>>>>>
>>>>>> --
>> <snip>
>
> Hi Erich,
>
> I'm glad to hear that you got everything sorted out! If it's possible
> to set up the previous environment in a virtual machine or some spare
> hardware and grant me an ssh login, I would be interested in doing more
> tests to see if I can figure out what's going on.
>
> Whether there's a bug in the jail subsystem or a hole in the
> provisioning process that allows the privilege escalation, it would
> certainly be good to find the root cause.
>
> Thank you,
> Greg
> --
> Greg Larkin
>
> http://www.FreeBSD.org/ - The Power To Serve
> http://www.sourcehosting.net/ - Ready. Set. Code.
> http://twitter.com/sourcehosting/ - Follow me, follow you
>
Greg:
I'd be happy to get this set up in the lab for you to look at, but at
the moment, all of our lab machines are in use (I rolled this box over
to a community project after buildworld "cleaned" it up). I try to
provide hardware resources to FreeBSD committers and developers hunting
down problems, and at the moment, I'm at the limit; there's no hardware
left.
As soon as something becomes available, I'll drop you a line and get
this onto a test server. Generally, I create a VRF for each test
environment with outside access via ssh and an internet connection for
fetching whatever may be necessary (most often 10mbps). OpenVPN access
is also available depending on what the committer/developer wants.
Thank you again for your interest in this anomaly (for lack of a better
description). I'll get something up for you as soon as a box becomes
available. Any preference on platform (considering this did not seem to
be platform dependent)? I can do sparc64, amd64/x86-64, itanium2, and
i386/x86-32. The environment I'm experiencing the problem in is x86-32,
and I think someone is almost done with a DL580-G3, so I can roll that
out when it becomes available.
Erich M. Jenkins
Fuujin Group Limited
"You should never, never doubt what no one is sure about."
-- Gene Wilder