jail && (ping && traceroute)

Mooneer Salem mooneer at translator.cx
Fri May 30 14:07:27 PDT 2003


It involves allowing all applications inside the jail access to raw sockets.
Raw sockets are also responsible
for ipfw and other services; therefore, it may be prudent to add separate
sysctl settings allowing/denying
access to those. I have a patch that does allow raw sockets and allows
people inside a jail to add ipfw rules
for their own IP address(es), among other things. See
(for 5.0-RELEASE). :)


Mooneer Salem
GPLTrans: http://www.translator.cx/
lifeafterking.org: http://www.lifeafterking.org/

-----Original Message-----
From: owner-freebsd-hackers at freebsd.org
[mailto:owner-freebsd-hackers at freebsd.org]On Behalf Of Alexandr Kovalenko
Sent: Friday, May 30, 2003 7:36 AM
To: freebsd-hackers at freebsd.org
Subject: jail && (ping && traceroute)

[Please Cc: me on reply]


I have 2 questions:

 - where in code should I search for icmp socket binding prohibition in
 - what bad consequences will appear if I remove those checks and

Thanks in advance!

NEVE-RIPE, will build world for food
Ukrainian FreeBSD User Group
freebsd-hackers at freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"

More information about the freebsd-hackers mailing list