bump version.

document

Due to a race condition between lookup of ".." and remounting a filesystem, a process running inside a jail might access filesystem hierarchy outside of jail.

Obtained from: FreeBSD

document change

A particular case of memory sharing is mishandled in the virtual memory system. It is possible and legal to establish a relationship where multiple descendant processes share a mapping which shadows memory of an ancestor process. In this scenario, when one process modifies memory through such a mapping, the copy-on-write logic fails to invalidate other mappings of the source page. These stale mappings may remain even after the mapped pages have been reused for another purpose.

Obtained from: FreeBSD

Import mport 2.0.6

When a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.

A process running inside a jail can avoid being killed during jail termination. If a jail is subsequently started with the same root path, a lingering jailed process may be able to exploit the window during which a devfs filesystem is mounted but the jail's devfs ruleset has not been applied, to access device nodes which are ordinarily inaccessible. If the process is privileged, it may be able to escape the jail and gain full access to the system.

Obtained from: FreeBSD

bump version.

Document xen fix

Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation.

Unfortunately, when running in HVM/PVH mode, the BSD backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery.

Obtained from: FreeBSD

use sysrc instead of making potential duplicates

Fix a security issue with PAM where the rules would not be applied.

document some of the changes since 2.0.2

bump the version

fix build

Fix some more mport

Switch to external mport and place it in contrib.

Update to 2.0.5

    • /contrib/mport/.gitignore (-0, +41)
    • /contrib/mport/Jenkinsfile (-0, +11)
    • /contrib/mport/LICENSE (-0, +26)
    • /contrib/mport/Makefile (-0, +5)
    • /contrib/mport/README.md (-0, +12)
    • /contrib/mport/SECURITY.md (-0, +14)
    • /contrib/mport/libexec/Makefile (-0, +17)
    • /contrib/mport/libexec/mport.check-fake/Makefile (-0, +14)
    • /contrib/mport/libexec/mport.check-for-older/Makefile (-0, +14)
    • /contrib/mport/libexec/mport.create/Makefile (-0, +14)
    • /contrib/mport/libexec/mport.create/mport.create.c (-0, +215)
    • /contrib/mport/libexec/mport.delete/Makefile (-0, +14)
    • /contrib/mport/libexec/mport.delete/mport.delete.c (-0, +119)
    … 124 more files in changeset.

add xfce config

Update Jenkinsfile

add some more

fix a warning

    • /lib/libmport/bundle_read_install_pkg.c (-1, +1)