Improving FreeBSD-SA-07:01.jail fix [was: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail]

Pawel Jakub Dawidek pjd at FreeBSD.org
Tue Jan 23 12:43:39 UTC 2007


On Tue, Jan 23, 2007 at 01:25:08PM +0100, Alexander Leidinger wrote:
> Quoting Pawel Jakub Dawidek <pjd at FreeBSD.org> (from Tue, 23 Jan 2007 12:34:44 +0100):
> >It looks like it may work, but I still find it a bit risky. If sh(1) can
> >reopen the file under some conditions or someone in the future will
> >modify sh(1) in that way (because he won't be aware that such a change
> >may have impact on system security) we will have a security hole.
> >Chances are small, but I'm not going to be the one who will accept that
> >change:)
> 
> The spawned subshell is like a command. It doesn't make sense to reopen
> the file for a command. It's like saying we open and close the file for
> each line. I didn't calculate the probability of this to happen, but I
> would be very surprised if it is significant. Just think about the
> performance of such behavior (or a more complex logic
> [...] And if you think about such unlikely stuff to happen, you should
> also think about some other stuff we are not prepared to survive. [...]

Come on, this argument always stands. I only wanted to point out that we
should be extra careful with building security on top of tools that are
not intended for this purpose.

> [...] But feel free to propose a better solution for the problem.

The solution was proposed already - keep console.log outside of jail.

Don't read my comment as a "no" vote for your solution. If secteam@
decides there is nothing to worry about - fine by me.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!