On Mon, Jan 15, 2007 at 08:56:44PM +0100, Dirk Engling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Pawel Jakub Dawidek wrote:
> 
> > I'll keep /var/log/console.log outside a jail, because using
> > 'realpath -c' will be dangerous once the jail is running. There could be
> > a race where `realpath -c` returns one path, an attacker inside a jail
> > changes one of the resolved path's components, and rc.d/jail from outside
> > the jail tries to use it.
> 
> A simple way to prevent race conditions (here an example to mount devfs
> into jails) is:
> 
> cd ${jail_root}
> j_root=`pwd`
> cd ${jail_dev_dir}
> j_dev=`pwd`
> eval evil_doer=\$\{j_dev#${j_root}\}
> [ "$evil_doer" = "$j_dev" ] && exit
> mount_devfs devfs .

        # ls -l /jails
        lrwxr-x---  1 root  wheel  9 15 sty 21:58 /jails -> usr/jails
        # jail_root="/usr/jails"
        # jail_dev_dir="/jails/dev"
        # cd ${jail_root}
        # j_root=`pwd`
        # echo $j_root
        /usr/jails
        # cd ${jail_dev_dir}
        # j_dev=`pwd`
        # echo $j_dev
        /jails/dev
        # eval evil_doer=\$\{j_dev#${j_root}\}
        # echo $evil_doer
        /jails/dev
        # [ "$evil_doer" = "$j_dev" ] && echo "false positive"
        false positive

In other words, it may break existing configurations.

> To do the same with console.log (I _really_ like this feature and would
> want it re-enabled asap) you can use something like:
> 
> cd ${jail_root}
> j_root=`pwd`
> cd ${jail_var_log_dir}
> j_var_log=`pwd`
> eval evil_doer=\$\{j_var_log#${j_root}\}
> [ "$evil_doer" = "$j_var_log" ] && exit

--> Race <--

> cp -f ${temp_log} console.log

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
[EMAIL PROTECTED]                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

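The false positive in the session above comes from comparing a logically resolved path (plain `pwd`, which keeps the `/jails` symlink component) against a root given as its real path. The script below is an added example, not code from rc.d/jail or from either poster: it rebuilds that layout under a temporary directory (constructed input, so it runs unprivileged and touches nothing under /usr or /jails), reproduces the rejection with the quoted check rewritten without `eval`, and then runs the same containment test with `pwd -P`, which follows every symlink on both sides before comparing. The `case` pattern `"$root"/*` also insists on a separator after the root, so a sibling such as `/usr/jails-other` is not mistaken for something inside `/usr/jails`, which the bare prefix strip `${j_dev#${j_root}}` would accept.

```sh
#!/bin/sh
# Added example, not code from rc.d/jail or from either poster.
# Reproduces the false positive from the session above (jail_root given as
# the real path, jail_dev_dir reached through a jails -> usr/jails symlink)
# and contrasts it with a check that resolves both sides physically.
# The layout is constructed under mktemp -d so the script is safe to run.

# Check from the quoted message, rewritten without eval: resolve both paths
# logically (plain pwd keeps symlinked components) and test that DIR starts
# with ROOT followed by a separator. Returns 0 when it believes DIR is
# inside ROOT.
is_inside_logical() {
    root=$(cd "$1" && pwd) || return 1
    dir=$(cd "$2" && pwd) || return 1
    case "$dir" in
        "$root"|"$root"/*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Same test with `pwd -P`, so both sides are compared only after every
# symlink has been followed. This removes the false positive; it does NOT
# remove the race the thread is about (a component can still be swapped
# between this check and the mount or cp that follows).
is_inside_physical() {
    root=$(cd "$1" && pwd -P) || return 1
    dir=$(cd "$2" && pwd -P) || return 1
    case "$dir" in
        "$root"|"$root"/*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Build the layout from the session: $base/usr/jails/dev plus a symlink
# $base/jails -> usr/jails. Prints the base directory on stdout.
make_layout() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/usr/jails/dev" || return 1
    ln -s usr/jails "$base/jails" || return 1
    printf '%s\n' "$base"
}

# Run both checks against the constructed layout and print their verdicts.
demo() {
    base=$(make_layout) || exit 1
    jail_root="$base/usr/jails"
    jail_dev_dir="$base/jails/dev"
    if is_inside_logical "$jail_root" "$jail_dev_dir"; then
        echo "logical check : inside"
    else
        echo "logical check : NOT inside (false positive, mount would be skipped)"
    fi
    if is_inside_physical "$jail_root" "$jail_dev_dir"; then
        echo "physical check: inside"
    else
        echo "physical check: NOT inside"
    fi
    rm -rf "$base"
}

demo
```

Resolving both paths physically only fixes the configuration breakage Pawel demonstrates; the time-of-check/time-of-use window marked "--> Race <--" is still there, since an attacker inside the running jail can replace a directory component after the check and before the `cp`. That is why the thread settles on keeping console.log outside the jail rather than on a better path comparison.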