HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail

Joel Hatton info at plot.uz
Mon Jul 30 05:13:59 UTC 2007

Hi Simon,

Thanks very much for the patch :)

On Fri, 27 Jul 2007 11:07:29 +0200, "Simon L. Nielsen" wrote:
>Your patch is very close to the "correct"/cleaner patch which is
>attached.  How exactly does it fail without your patch?  Does it say
>"cannot open : No such file or directory" and then no jails start when
>booting (that would be my guess from a quick check of the bug)?

Sure does:

eval: cannot open : No such file or directory

and no jails start.

>Would it be possible for you to test the attached patch and see if it
>fixes the issue for you?

It does indeed. I was actually pretty foolish in the way that I addressed
it, now that I see what your patch does. I was so busy scratching my head
at the variables before the 'while' loop that I didn't see that the problem
was in the ${_fstab} being fed to it on stdin!

>I haven't heard of this issue before, so not many people are using 5.5
>with jails.  The bug was certainly introduced as a merge error in the
>with the patch for FreeBSD-SA-07:01.jail.

Or maybe they're not patching often enough? Actually, my suspicion is that
not many are using the jail_example_mount_enable variable, because without
this set the responsible code is never called.

>As this is clearly a bug in a Security Advisory patch and RELENG_5 /
>RELENG_5_5 are still supported I expect that an updated advisory will
>be released to fix this bug shortly.
>Thanks for reporting the issue, and sorry about the bad patch :-(.

No problem! It feels good to help :) I never implement new patches into
my prod environment before testing, so this has basically been an
interesting exercise for me.


-- Joel Hatton --
Infrastructure Manager              | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax:     +61 7 3365 7031
The University of Queensland        | WWW:     www.auscert.org.au
Qld 4072 Australia                  | Email:   auscert at auscert.org.au

freebsd-security at freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

More information about the freebsd-stable mailing list