On Mon, 3 Apr 2006, Marc G. Fournier wrote: > On Mon, 3 Apr 2006, Daniel Eischen wrote: > > > > > Or: > > > > 3) Run postgres in such a way that it doesn't look for > > remnant IPC information from other instances (use a > > per-jail-specific port #?). > > > > Postgres has no business cleaning up after different jailed > > instances of itself, which it wouldn't do if IPC's were > > per-jail. So since IPC's don't currently work that way, > > account for it by the way you run postgres. > > This falls under "well,we broke kill() so that it now reports a PID is not > in use even though it is, so its has to be the application that fixes it"
No, kill is performing as it should. Se Robert's other response regarding sendmail. > ... and you *still* haven't shown *why* kill() reporting a PID is in use, > even if its not in the current jail, is such a security threat ... For reducing attacks I suppose. But conceptually, something running in a jail shouldn't be allowed to see out. -- DE _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
