ports/144010: devel/apr1 tries to use SYSVIPC even in jails
Nathaniel W Filardo
nwf at cs.jhu.edu
Thu Feb 9 03:28:44 UTC 2012
On Thu, Feb 09, 2012 at 02:59:08AM +0000, pgollucci at freebsd.org wrote:
> Synopsis: devel/apr1 tries to use SYSVIPC even in jails
>
> State-Changed-From-To: open->closed
> State-Changed-By: pgollucci
> State-Changed-When: Thu Feb 9 02:59:08 UTC 2012
> State-Changed-Why:
> sysctl security.jail.sysvipc_allowed=1 before you build it in a jail if
> you need this
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=144010
IMHO it would be better if APR were told to use a different IPC mechanism
if it were jailed. sysvipc_allowed has dramatically negative security
implications that the other IPC mechanisms it can use do not, AIUI.
Thanks.
--nwf;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-apache/attachments/20120209/71c3fb8e/attachment.pgp
More information about the freebsd-apache
mailing list