Thanks for that reference. I don't think I've ever seen a
clearer go-to-woah analysis of this sort of hackery. Very neat
indeed.
Needless to say, FreeBSD doesn't have that particular
hole anymore, though. A quick scan through
/usr/src/sys/miscfs/procfs/procfs_status.c shows that the result
writing idiom has been changed to prevent the buffer overflow.
(Which was the real problem, not something peculiar to jail(2).)
--
Andrew
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
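The reply above points at the general bug class rather than anything jail-specific: a fixed-size buffer filled by a "result writing" idiom that never checks how much room is left. The following is an added illustration, not code from the message or from FreeBSD's procfs sources; the buffer size, field names and the `outbuf` helper are all constructed. It contrasts the unbounded idiom (shown only in a comment) with an append helper that tracks remaining capacity, truncates instead of overrunning, and reports the truncation so the caller can fail closed.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * The unsafe idiom this example replaces (constructed, not FreeBSD's code):
 *
 *     char ps[64];
 *     char *p = ps;
 *     p += sprintf(p, "%s %d", comm, pid);   // no bound on comm
 *     p += sprintf(p, " %s", wmesg);         // keeps writing past ps[64]
 *
 * Any caller-controlled field longer than the buffer overruns the stack.
 */

/* Bounded append buffer: knows its capacity and whether it has overflowed. */
struct outbuf {
    char *buf;
    size_t cap;        /* total bytes available, including the NUL */
    size_t len;        /* bytes written so far, excluding the NUL */
    bool overflowed;   /* set once any append did not fit */
};

static void ob_init(struct outbuf *ob, char *buf, size_t cap)
{
    ob->buf = buf;
    ob->cap = cap;
    ob->len = 0;
    ob->overflowed = false;
    if (cap > 0)
        buf[0] = '\0';
}

/* Append a formatted field; returns false (and marks the buffer) on truncation. */
static bool ob_appendf(struct outbuf *ob, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (ob->overflowed || ob->len >= ob->cap) {
        ob->overflowed = true;
        return false;
    }
    va_start(ap, fmt);
    /* vsnprintf never writes more than the remaining space and always NUL-terminates. */
    n = vsnprintf(ob->buf + ob->len, ob->cap - ob->len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= ob->cap - ob->len) {
        ob->overflowed = true;
        ob->len = ob->cap - 1;   /* buffer holds a truncated, NUL-terminated prefix */
        return false;
    }
    ob->len += (size_t)n;
    return true;
}

/*
 * Build a status line from process fields into a caller-supplied buffer.
 * Returns the line length on success, or -1 if the fields did not fit;
 * in both cases 'out' is NUL-terminated and no byte beyond 'cap' is touched.
 */
int format_status(char *out, size_t cap, const char *comm, int pid, const char *wmesg)
{
    struct outbuf ob;

    ob_init(&ob, out, cap);
    ob_appendf(&ob, "%s %d", comm, pid);
    ob_appendf(&ob, " %s", wmesg);
    return ob.overflowed ? -1 : (int)ob.len;
}

int main(void)
{
    char ps[16];   /* constructed, deliberately small */

    printf("%d: %s\n", format_status(ps, sizeof ps, "init", 1, "wait"), ps);
    printf("%d: %s\n", format_status(ps, sizeof ps, "averylongcommand", 12345, "select"), ps);
    return 0;
}
```

The caller decides what to do with -1; for a status file the right answer is to return an error rather than hand back a silently truncated line, and the invariant worth checking in review is that every write path through the buffer goes through the bounded helper.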