FreeBSD Security Advisories
2006-Jul-07 07:31 UTC
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-06:01.jail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD-EN-06:01.jail Errata Notice The FreeBSD Project Topic: Jail startup scripts may override some global jail_* variables. Category: core Module: etc_rc.d Announced: 2006-07-07 Credits: Florent Thoumie, Pawel Dawidek, Cheng-Lung Sung Affects: FreeBSD 6.1-RELEASE Corrected: 2006-07-07 07:25:21 UTC I. Background System startup scripts, typically in /etc/rc.d, control what happens as a system boots to multi-user mode. The behavior of those scripts can be controlled by "global" variables in /etc/rc.conf. II. Problem Description The names of several internal variables in the jail startup script conflicted with those of global variables that could be set by administrators. In addition, some configuration variables are not properly validated in the jail startup script. III. Impact Jails may not have started up as the administrator intended. If some configuration variables required by jail configuration in /etc/rc.conf are not correctly set jail startup may have been attempted by the script anyway. IV. Solution Do one of the following to update the source tree: 1) Upgrade your affected system to the RELENG_6_1 errata branch dated after the correction date using cvsup(1) or cvs(1). This is the preferred method. For information on how to use cvsup(1) to update your source code see: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html 2) Obtain the updated files using the cvsweb interface. Cvsweb is a Web interface to the CVS repository. The URL to the general interface is "http://www.freebsd.org/cgi/cvsweb.cgi/". You can obtain any of the source files for the RELENG_6_1 branch by going to the src directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src") and then selecting the "RELENG_6_1" branch tag. With the branch tag set navigate to the files listed below in the "Correction details" section and download them, making sure you get the correct revision numbers. Copy the downloaded files into your /usr/src tree. If using the second procedure you should make sure you have used that same procedure to download all previous Errata Notices and Security Advisories. We strongly discourage this procedure due to the problems that may be caused by not doing that - using the first procedure takes care of making sure all updates get applied. Then use mergemaster(8) to install the updated startup script support. Note that mergemaster(8) will expect to find a normal object file tree having resulted from doing 'make world' in /usr/src, and will build one if it does not exist. If you do not have a recent object file tree you may want to just manually copy the src/etc/rc.d/jail and src/etc/defaults/rc.conf files into place. V. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. - --------------------------------------------------------------------------- RELENG_6_1 Revision Changes Path 1.416.2.22.2.5 +3 -0 src/UPDATING 1.23.2.3.2.2 +102 -91 src/etc/rc.d/jail 1.69.2.11.2.5 +1 -1 src/sys/conf/newvers.sh - --------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFErgzzFdaIBMps37IRAh17AJwLueUv5ZzXrbZG8qtL1lwgpPZCCgCfYGxE 2oAorGMRBTbqVx/YhKJX1lA=Lmti -----END PGP SIGNATURE-----