From colin.percival@wadham.ox.ac.uk  Wed Jan  7 15:13:29 2004
Return-Path: <colin.percival@wadham.ox.ac.uk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5835F16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Jan 2004 15:13:29 -0800 (PST)
Received: from tx1.oucs.ox.ac.uk (tx1.oucs.ox.ac.uk [129.67.1.167])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D611B43D2D
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Jan 2004 15:13:26 -0800 (PST)
	(envelope-from colin.percival@wadham.ox.ac.uk)
Received: from scan1.oucs.ox.ac.uk ([129.67.1.166] helo=localhost)
	by tx1.oucs.ox.ac.uk with esmtp (Exim 4.20)
	id 1AeMrd-0006Jy-Iy
	for FreeBSD-gnats-submit@freebsd.org; Wed, 07 Jan 2004 23:13:25 +0000
Received: from rx1.oucs.ox.ac.uk ([129.67.1.165])
 by localhost (scan1.oucs.ox.ac.uk [129.67.1.166]) (amavisd-new, port 25)
 with ESMTP id 24052-08 for <FreeBSD-gnats-submit@freebsd.org>;
 Wed,  7 Jan 2004 23:13:25 +0000 (GMT)
Received: from gateway.wadham.ox.ac.uk ([163.1.161.253])
	by rx1.oucs.ox.ac.uk with smtp (Exim 4.20)
	id 1AeMrd-0006Jv-5X
	for FreeBSD-gnats-submit@freebsd.org; Wed, 07 Jan 2004 23:13:25 +0000
Received: (qmail 17541 invoked by uid 0); 7 Jan 2004 23:13:25 -0000
Received: from colin.percival@wadham.ox.ac.uk by gateway by uid 71 with qmail-scanner-1.16 
 (sweep: 2.14/3.71. spamassassin: 2.53.  Clear:. 
 Processed in 1.431093 secs); 07 Jan 2004 23:13:25 -0000
Received: from dhcp1131.wadham.ox.ac.uk (HELO piii600.wadham.ox.ac.uk) (163.1.161.131)
  by gateway.wadham.ox.ac.uk with SMTP; 7 Jan 2004 23:13:24 -0000
Message-Id: <6.0.1.1.1.20040107231133.046195f8@imap.sfu.ca>
Date: Wed, 07 Jan 2004 23:13:18 +0000
From: MAILER-DAEMON@fafnir.daemonology.net (by way of Colin Percival <colin.percival@wadham.ox.ac.uk>)
To: FreeBSD-gnats-submit@freebsd.org
Subject: devfs_domount doesn't applyset

>Number:         61047
>Category:       bin
>Synopsis:       devfs_domount doesn't applyset
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 07 15:20:14 PST 2004
>Closed-Date:    Wed Jan 21 08:37:44 PST 2004
>Last-Modified:  Wed Jan 21 08:37:44 PST 2004
>Originator:     Colin Percival
>Release:        FreeBSD 5.2-RC i386
>Organization:
>Environment:
System: FreeBSD fafnir.daemonology.net 5.2-RC FreeBSD 5.2-RC #3: Sun Jan 4 
16:13:57 GMT 2004 
cperciva@fafnir.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
In rc.subr, devfs_domount creates a devfs, loads predefined rulesets,
and sets a ruleset for the new devfs, but it doesn't apply the ruleset.
This can cause security problems when devices are visible inside a jail.

Reported by BSDC (at xtremedev.com) on -current.

>How-To-Repeat:
>Fix:

Apply the ruleset after setting it.

--- rc.subr.diff begins here ---
Index: rc.subr
===================================================================
RCS file: /usr/local/freebsd-update-server/cvs/src/etc/rc.subr,v
retrieving revision 1.16
diff -u -r1.16 rc.subr
--- rc.subr	20 Aug 2003 06:50:34 -0000	1.16
+++ rc.subr	6 Jan 2004 14:42:38 -0000
@@ -1230,6 +1230,7 @@
  	if [ -n "$rs" ]; then
  		devfs_init_rulesets
  		devfs_set_ruleset $rs $devdir
+		devfs -m $devdir rule applyset
  	fi
  	return 0
  }
--- rc.subr.diff ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Jan 7 19:33:16 PST 2004 
Responsible-Changed-Why:  
Try to rescue this one from pending (looks like there were editing 
problems). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=61047 
State-Changed-From-To: open->closed 
State-Changed-By: cperciva 
State-Changed-When: Wed Jan 21 08:37:15 PST 2004 
State-Changed-Why:  
Close my PR, I've committed the patch. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=61047 
>Unformatted:
