cvs commit: src/sys/kern kern_jail.c

Poul-Henning Kamp phk at phk.freebsd.dk
Sun Feb 15 12:36:03 PST 2004


In message <20040215201238.GA52924 at xor.obsecurity.org>, Kris Kennaway writes:
>
>On Sun, Feb 15, 2004 at 08:34:21AM -0800, Julian Elischer wrote:
>
>> you sometimes need to be able to know you are in a jail so that you can
>> know not to attempt things that are not permitted in jails..
>> (e.g. pings, or ifconfig'ing network interfaces)
>
>If you try to ping or ifconfig and discover that you can't, you're in
>a jail.

Here is the canonical "injail.c" program:

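#include <stdio.h>
#include <stdlib.h>	/* exit() */
#include <unistd.h>	/* getpid() */
#include <sys/types.h>
#include <sys/sysctl.h>
#include <sys/param.h>
#include <sys/user.h>

/*
 * Exit 0 = no
 * Exit 1 = maybe
 * Exit 2 = yes
 */

int
main(int argc, char **argv)
{
	int mib[4];
	int i;
	size_t l;		/* sysctl() takes the buffer length as size_t * */
	struct kinfo_proc buf;

	/* Ask the kernel for this process's own kinfo_proc entry. */
	mib[0] = CTL_KERN;
	mib[1] = KERN_PROC;
	mib[2] = KERN_PROC_PID;
	mib[3] = getpid();
	l = sizeof buf;
	i = sysctl(mib, 4, &buf, &l, NULL, 0);
	/* Lookup failed or the size is unexpected: cannot tell. */
	if (i != 0 || l != sizeof buf)
		exit(1);
	/* P_JAILED is set in the process flags when running inside a jail. */
	if (buf.kp_proc.p_flag & P_JAILED)
		exit(2);
	exit(0);
}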

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

