HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail 
    Joel Hatton 
    joel at auscert.org.au
       
    Mon Jul 30 01:54:23 UTC 2007
    
    
  
Hi Simon,
Thanks very much for the patch :)
On Fri, 27 Jul 2007 11:07:29 +0200, "Simon L. Nielsen" wrote:
>
>Your patch is very close to the "correct"/cleaner patch which is
>attached.  How exactly does it fail without your patch?  Does it say
>"cannot open : No such file or directory" and then no jails start when
>booting (that would be my guess from a quick check of the bug)?
Sure does:
eval: cannot open : No such file or directory
and no jails start.
>
>Would it be possible for you to test the attached patch and see if it
>fixes the issue for you?
It does indeed. I was actually pretty foolish in the way that I addressed
it, now that I see what your patch does. I was so busy scratching my head
at the variables before the 'while' loop that I didn't see that the problem
was in the ${_fstab} being fed to it on stdin!
>
>I haven't heard of this issue before, so not many people are using 5.5
>with jails.  The bug was certainly introduced as a merge error in the
>with the patch for FreeBSD-SA-07:01.jail.
Or maybe they're not patching often enough? Actually, my suspicion is that
not many are using the jail_example_mount_enable variable, because without
this set the responsible code is never called.
>
>As this is clearly a bug in a Security Advisory patch and RELENG_5 /
>RELENG_5_5 are still supported I expect that an updated advisory will
>be released to fix this bug shortly.
>
>Thanks for reporting the issue, and sorry about the bad patch :-(.
No problem! It feels good to help :) I never implement new patches into
my prod environment before testing, so this has basically been an
interesting exercise for me.
cheers,
joel
-- Joel Hatton --
Infrastructure Manager              | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax:     +61 7 3365 7031
The University of Queensland        | WWW:     www.auscert.org.au
Qld 4072 Australia                  | Email:   auscert at auscert.org.au
    
    
More information about the freebsd-security
mailing list