More into /etc/rc.d/jail

Stefan Bethke stb at lassitu.de
Tue Aug 9 22:21:25 GMT 2005


Am 10.08.2005 um 00:08 schrieb Simon L. Nielsen:

> On 2005.08.09 23:30:26 +0200, Stefan Bethke wrote:
>
>>     sed -e 's/#.*$//' <${mdconfig_conf} |grep -v '^[[:space:]]*$'  
>> >/tmp/mdconfig.$$
>
> Try searching the web for "temporary file symlink attack"... (hint:
> creating temorary files like that is bad, use mktemp).

Again, thanks for the hint.  This was meant as a starting point; it  
was hacked together as a stop-gap measure in twenty minutes. (And has  
persisted over six months now...)

As to the actual problem:
- It should run late in the startup sequence, so cleantmp should have  
run.
- I cribbed the use directly off some other script... let's see...  
ah, it's /etc/rc.d/jail.
- The host for all the jails should be inaccessible for anyone except  
myself and my admin colleague. (And yes, there's no services running  
there apart from sshd.)

I would be more than happy for someone else taking this script,  
polishing it, and getting it committed, so I don't have to rememeber  
not nuking it on the next mergemaster :-)


Cheers,
Stefan

-- 
Stefan Bethke <stb at lassitu.de>   Fon +49 170 346 0140



More information about the freebsd-current mailing list