On Sat, Jan 20, 2007 at 01:24:33PM +0100, Simon L. Nielsen wrote: [...] > BTW. with regard to the console.log file I really don't think it > should be put back inside the jail unless it's possible to make the > generation of the file entirely inside the jail since it's just not > worth the risk/complexity. I think it should be possible to do this > with jail(8) in -CURRENT (see -J flag), but:
When -J operates on a file inside a jail, it create the same security hole as the one from security advisory, because it opens a file before calling jail(2). I fully agree that console.log should be outside a jail. At least noone proposed safe solution so far, which also means it's not an easy fix. -- Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am!
pgpWPkruhbLLZ.pgp
Description: PGP signature
