Changes in /etc/rc.d/jail
Andrey Groshev
andrey.groshev at yartv.ru
Thu Jun 9 09:19:13 UTC 2011
Hello All!
The other day, looking at "/etc/rc.d/jail", I saw a change that I would not
like to be ignored.
After seeing the comments in CVS, I thought that people understand the
addition of "&" as a way to add parallel loading of jails.
It was not done for this!
The fact is that last year I wrote kern/139422.
The essence is as follows:
For example, take a hacked jail.
An attacker puts a never-ending start script in the jail (like while true
;....).
The next time you restart the parent system, the subsystems that start
after /etc/rc.d/jail will not start.
# rcorder /etc/rc.d/* ......
130 /etc/rc.d/jail
131 /etc/rc.d/localpkg
132 /etc/rc.d/securelevel
133 /etc/rc.d/power_profile
134 /etc/rc.d/othermta
135 /etc/rc.d/nfscbd
136 /etc/rc.d/natd
137 /etc/rc.d/msgs
138 /etc/rc.d/moused
139 /etc/rc.d/mixer
140 /etc/rc.d/inetd
141 /etc/rc.d/hostapd
142 /etc/rc.d/gptboot
143 /etc/rc.d/geli2
144 /etc/rc.d/ftpd
145 /etc/rc.d/ftp-proxy
146 /etc/rc.d/dhclient
147 /etc/rc.d/bsnmpd
148 /etc/rc.d/bridge
149 /etc/rc.d/bluetooth
150 /etc/rc.d/bgfsck
151 /etc/rc.d/addswap
I.e. the parent system may not be workable.
Therefore, IMHO, we should either go back to how it was originally done (as
in version 1.44), or allow "parallel" booting by default, or come up with a
plan "B".
Best regards, Andrey Groshev aka GreenX.
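
The blocking behaviour described in this message, and one way to bound it with a timeout, as an added example that is not part of the original post and is not FreeBSD's /etc/rc.d/jail. The functions start_bounded and boot_sequence are hypothetical, and the hung jail start script is a constructed stand-in (sleep 3600); no jail(8) call is made.

```shell
#!/bin/sh
# Added illustration only. Assumption: a jail whose start script never
# returns is modelled by "sleep 3600".

# start_bounded SECONDS CMD [ARGS...]
# Run CMD, but hand control back to the caller after SECONDS at the latest.
# Returns CMD's exit status, or 124 if the watchdog had to terminate it.
start_bounded() {
    limit=$1; shift
    "$@" &
    pid=$!
    # Watchdog: send TERM to the command if it outlives the limit.
    ( sleep "$limit"; kill -TERM "$pid" ) >/dev/null 2>&1 &
    dog=$!
    status=0
    wait "$pid" || status=$?
    # Cancel the watchdog if it is still pending, then reap it.
    kill "$dog" 2>/dev/null || true
    wait "$dog" 2>/dev/null || true
    # 143 = 128 + SIGTERM: the command was ended by the watchdog.
    [ "$status" -eq 143 ] && return 124
    return "$status"
}

# Simulated rc ordering: the jail step first, then two of the scripts that
# the rcorder listing above places after it. Prints each completed step.
boot_sequence() {
    jail_rc=0
    start_bounded "$1" sleep 3600 || jail_rc=$?
    echo "jail:rc=$jail_rc"
    for svc in localpkg securelevel; do
        # Stand-in for running /etc/rc.d/$svc on the host.
        echo "$svc:started"
    done
}

# With a 1-second limit the host-side steps still run after the hung jail.
boot_sequence 1
```

Without the bound, the jail step would hold the sequence for as long as the stand-in runs, and the later steps would not be reached.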