“able to permit”.
[2] Like many insomniacs, I get naughtier as the night goes on.
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
no process can open anything
new on the detached fs, if it eventually unwedges itself somehow it
won't get rewedged.
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
pretty early on. I
haven't solved it, but the problem seems to be one of context - if you
try to execve /proc/self you'll also get ENOENT instead of the expected
EACCES.
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
On Tue, 4 Dec 2012 15:30:36 +
David Holland dholland-t...@netbsd.org wrote:
On Tue, Dec 04, 2012 at 01:58:13PM +, Julian Yon wrote:
The descriptor is probably already closed on exec before the
syscall tries to use it.
Nope. That happens later. I was looking through
On Sun, 2 Dec 2012 04:04:23 +
David Holland dholland-t...@netbsd.org wrote:
On Sun, Dec 02, 2012 at 03:22:24AM +, Julian Yon wrote:
It's not weird, and there is a gain; it's for compatibility with
large amounts of deployed code that assumes all devices have
512-byte blocks
.
Because that implies that the designers have made the explicit decision
to sacrifice performance for no gain. But there is a cost: they had to
write firmware code to emulate that block size.
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP
to read the contents of the file. You can
open with --x but (correctly) you can't read from the file.
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
On Sat, 17 Nov 2012 21:45:02 +
David Laight da...@l8s.co.uk wrote:
On Fri, Nov 16, 2012 at 12:52:30PM +, Julian Yon wrote:
What does this gain over passing a filename around? (NB. I'm not
claiming that's an entirely safe model either, but it's already
possible).
You don't
not sure
if that's safe), and any other failed with EBADF? Seems to me this
would allow the intended usage (tenuous as the rationale is) while
closing the chroot based holes that have been discussed.
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description
On Sun, 18 Nov 2012 14:31:29 -0500
Thor Lancelot Simon t...@panix.com wrote:
On Sun, Nov 18, 2012 at 07:27:27PM +, Julian Yon wrote:
On Sat, 17 Nov 2012 21:45:02 +
David Laight da...@l8s.co.uk wrote:
You don't need the executable image inside the chroot.
I don't believe
read rights you can open with O_EXEC instead, and you can't read
the file you just opened; it merely provides a mechanism to pointlessly
use fexecve.
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
needed the executable itself to do the chroot.
What does this gain over passing a filename around? (NB. I'm not
claiming that's an entirely safe model either, but it's already
possible).
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP
, NetBSD doesn't define
O_EXEC anyway (nor does Linux).
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
files pretty much pwnz0rz the system already.)
Depends whether they can overwrite all root-owned files, or just
specific ones (due to some other exploit).
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
On Thu, 15 Nov 2012 16:02:50 -0500
Thor Lancelot Simon t...@panix.com wrote:
Look at that rationale carefully and I think you will see the race
condition that it does not eliminate. Talk about a solution looking
for a problem!
Indeed I do. Fair point.
Julian
--
3072D/F3A66B3A Julian Yon
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
people's incorrect code work most of the time
are justifiable. The system authentication path is
not one of them!
I thought he was advocating a more generic kludge mechanic rather than
one specific to authentication?
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
that
this is Not NetBSD's Problem, but I wonder how many people devise their
own insane “solutions” to this sort of thing and are put at risk by the
lack of an official workaround? I'm thinking particularly of less
experienced folk, here.
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
the real problem in your
specific case lies in the design of the module, not in the threads
restriction.
Julian
--
3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me
signature.asc
Description: PGP signature
21 matches
Mail list logo