From noreply at github.com Wed Feb 24 10:08:58 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 07:08:58 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] b0a802: Fix a security issue with PAM where the rules woul... Message-ID: Branch: refs/heads/master Home: https://github.com/MidnightBSD/src Commit: b0a80227d7865880feef2aa9d079552ff1b961d0 https://github.com/MidnightBSD/src/commit/b0a80227d7865880feef2aa9d079552ff1b961d0 Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M UPDATING M lib/libpam/modules/pam_login_access/login_access.c Log Message: ----------- Fix a security issue with PAM where the rules would not be applied. From noreply at github.com Wed Feb 24 10:31:45 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 07:31:45 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] dd5431: Fix a security issue with PAM where the rules woul... Message-ID: Branch: refs/heads/stable/2.0 Home: https://github.com/MidnightBSD/src Commit: dd543133afebb40864db89090589832fdfa4d44f https://github.com/MidnightBSD/src/commit/dd543133afebb40864db89090589832fdfa4d44f Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M UPDATING M lib/libpam/modules/pam_login_access/login_access.c Log Message: ----------- Fix a security issue with PAM where the rules would not be applied. From noreply at github.com Wed Feb 24 10:36:49 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 07:36:49 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] b1b8a7: use sysrc instead of making potential duplicates Message-ID: Branch: refs/heads/stable/2.0 Home: https://github.com/MidnightBSD/src Commit: b1b8a704beebd6c4216a425feb48e0d80c59a699 https://github.com/MidnightBSD/src/commit/b1b8a704beebd6c4216a425feb48e0d80c59a699 Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M etc/rc.d/firstboot Log Message: ----------- use sysrc instead of making potential duplicates From noreply at github.com Wed Feb 24 10:38:21 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 07:38:21 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] Message-ID: Branch: refs/tags/2.0.5 Home: https://github.com/MidnightBSD/src From noreply at github.com Wed Feb 24 13:00:48 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 10:00:48 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] e464b0: Grant mapping operations often occur in batch hype... Message-ID: Branch: refs/heads/master Home: https://github.com/MidnightBSD/src Commit: e464b0f0af7e6bddd57a9e195ebe3fd54b51f8a1 https://github.com/MidnightBSD/src/commit/e464b0f0af7e6bddd57a9e195ebe3fd54b51f8a1 Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M sys/dev/xen/blkback/blkback.c Log Message: ----------- Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in HVM/PVH mode, the BSD backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Obtained from: FreeBSD Commit: b0699e38c76746af38861ed7493a4c7fe595cc58 https://github.com/MidnightBSD/src/commit/b0699e38c76746af38861ed7493a4c7fe595cc58 Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M UPDATING Log Message: ----------- Document xen fix Compare: https://github.com/MidnightBSD/src/compare/b0a80227d786...b0699e38c767 From noreply at github.com Wed Feb 24 14:26:47 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 11:26:47 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] 2ffb3b: Grant mapping operations often occur in batch hype... Message-ID: Branch: refs/heads/stable/2.0 Home: https://github.com/MidnightBSD/src Commit: 2ffb3bf16b228cb444bc747a9191dff9a27fd4df https://github.com/MidnightBSD/src/commit/2ffb3bf16b228cb444bc747a9191dff9a27fd4df Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M sys/dev/xen/blkback/blkback.c Log Message: ----------- Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in HVM/PVH mode, the BSD backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Obtained from: FreeBSD Commit: 375110f33c7b18e8467cf11b855437b1db180a95 https://github.com/MidnightBSD/src/commit/375110f33c7b18e8467cf11b855437b1db180a95 Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M sys/conf/newvers.sh Log Message: ----------- bump version. Commit: 8158e8354dc4e703801f689dd2242ad901c7aacd https://github.com/MidnightBSD/src/commit/8158e8354dc4e703801f689dd2242ad901c7aacd Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M UPDATING Log Message: ----------- Document xen fix Compare: https://github.com/MidnightBSD/src/compare/b1b8a704beeb...8158e8354dc4 From noreply at github.com Wed Feb 24 14:54:27 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 11:54:27 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] c1ddf4: A process running inside a jail can avoid being ki... Message-ID: Branch: refs/heads/stable/2.0 Home: https://github.com/MidnightBSD/src Commit: c1ddf404e381c00a3450b079e599bcc3547f84b4 https://github.com/MidnightBSD/src/commit/c1ddf404e381c00a3450b079e599bcc3547f84b4 Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M sys/kern/kern_fork.c M sys/kern/kern_jail.c M sys/sys/jail.h Log Message: ----------- A process running inside a jail can avoid being killed during jail termination. If a jail is subsequently started with the same root path, a lingering jailed process may be able to exploit the window during which a devfs filesystem is mounted but the jail's devfs ruleset has not been applied, to access device nodes which are ordinarily inaccessible. If the process is privileged, it may be able to escape the jail and gain full access to the system. Obtained from: FreeBSD From noreply at github.com Wed Feb 24 17:19:24 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 14:19:24 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] b7585f: A process running inside a jail can avoid being ki... Message-ID: Branch: refs/heads/master Home: https://github.com/MidnightBSD/src Commit: b7585f1e73a56e30dd193f3350f811519a9a1eca https://github.com/MidnightBSD/src/commit/b7585f1e73a56e30dd193f3350f811519a9a1eca Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M sys/kern/kern_fork.c M sys/kern/kern_jail.c M sys/sys/jail.h Log Message: ----------- A process running inside a jail can avoid being killed during jail termination. If a jail is subsequently started with the same root path, a lingering jailed process may be able to exploit the window during which a devfs filesystem is mounted but the jail's devfs ruleset has not been applied, to access device nodes which are ordinarily inaccessible. If the process is privileged, it may be able to escape the jail and gain full access to the system. Obtained from: FreeBSD From noreply at github.com Wed Feb 24 17:20:18 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 14:20:18 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] 89ba15: When a process, such as jexec(8) or killall(1), ca... Message-ID: Branch: refs/heads/master Home: https://github.com/MidnightBSD/src Commit: 89ba1568a78a006ebdf96611dc400a81cd3b3b7e https://github.com/MidnightBSD/src/commit/89ba1568a78a006ebdf96611dc400a81cd3b3b7e Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M lib/libc/sys/jail.2 M sys/kern/kern_descrip.c M sys/kern/kern_jail.c M sys/sys/filedesc.h Log Message: ----------- When a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. From noreply at github.com Wed Feb 24 17:30:10 2021 From: noreply at github.com (Lucas Holt) Date: Wed, 24 Feb 2021 14:30:10 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] d616f4: When a process, such as jexec(8) or killall(1), ca... Message-ID: Branch: refs/heads/stable/2.0 Home: https://github.com/MidnightBSD/src Commit: d616f4d86942881233baa3f6ae797c2abed9fb99 https://github.com/MidnightBSD/src/commit/d616f4d86942881233baa3f6ae797c2abed9fb99 Author: Lucas Holt Date: 2021-02-24 (Wed, 24 Feb 2021) Changed paths: M lib/libc/sys/jail.2 M sys/kern/kern_descrip.c M sys/kern/kern_jail.c M sys/sys/filedesc.h Log Message: ----------- When a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. From noreply at github.com Sat Feb 27 14:25:08 2021 From: noreply at github.com (Lucas Holt) Date: Sat, 27 Feb 2021 11:25:08 -0800 Subject: [Midnightbsd-cvs] [MidnightBSD/src] Message-ID: Branch: refs/tags/2.0.6 Home: https://github.com/MidnightBSD/src