Identd in jail.
Piotr Chytla
pch at fouk.org
Tue Feb 15 11:33:45 PST 2005
Hi
A few days ago I had a problem with running identd in a jail on 4.10-stable.
I found that the getcred() sysctl isn't permitted from within a jail on 4.x.
R. Watson suggested a "cheap hack" for this, but I've solved this
without patching the kernel.
My patched ident gets the result of the getcred() sysctl from the jauthd daemon via
a unix socket. Jauthd is simply a getcred proxy: it gets two sockaddr_in
from the jailed process and sends the ucred.
The jauthd daemon can be extended to verify the data received from the jailed process,
and of course to listen in many jails.
I know that this isn't far better than the "cheap hack" :)) but for sure it doesn't
give the getcred sysctl to everyone in the system, and in all jails.
http://fouk.org/~pch/patches/builtins.c.patch
Apply this patch to /usr/src/usr.sbin/inetd/builtins.c and add AUTHJAIL to the
Makefile.
http://fouk.org/~pch/patches/jauthd.c
/pch
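
The message notes that a getcred proxy could verify what the jailed process sends. The block below is an added example of such a check, not code from jauthd.c or from the poster. Assumptions: the request is two struct sockaddr_in back to back with the local end first, the daemon knows the jail's IPv4 address, and all function names, status codes and addresses are hypothetical or constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
/* Hypothetical status codes for this sketch. */
enum req_status { REQ_OK, REQ_BAD_LEN, REQ_BAD_FAMILY, REQ_BAD_PORT, REQ_FOREIGN_ADDR };

/*
 * Validate a raw request read from the jail's unix socket before it is
 * handed to the getcred sysctl. Assumed layout: [0] = local end of the
 * TCP connection, [1] = remote end. jail_ip is in network byte order.
 */
enum req_status validate_request(const void *buf, size_t len,
    struct in_addr jail_ip, struct sockaddr_in out[2])
{
    if (len != 2 * sizeof(struct sockaddr_in))
        return REQ_BAD_LEN;
    memcpy(out, buf, len);            /* copy out: buf may be unaligned */
    if (out[0].sin_family != AF_INET || out[1].sin_family != AF_INET)
        return REQ_BAD_FAMILY;
    if (out[0].sin_port == 0 || out[1].sin_port == 0)
        return REQ_BAD_PORT;
    /* Only answer for connections that terminate at this jail's address. */
    if (out[0].sin_addr.s_addr != jail_ip.s_addr)
        return REQ_FOREIGN_ADDR;
    return REQ_OK;
}

/* Fill a constructed request (sample data, documentation addresses). */
void make_request(struct sockaddr_in sin[2], const char *laddr,
    unsigned short lport, const char *raddr, unsigned short rport)
{
    memset(sin, 0, 2 * sizeof(*sin));
    sin[0].sin_family = sin[1].sin_family = AF_INET;
    sin[0].sin_port = htons(lport);
    sin[1].sin_port = htons(rport);
    inet_pton(AF_INET, laddr, &sin[0].sin_addr);
    inet_pton(AF_INET, raddr, &sin[1].sin_addr);
}

int main(void)
{
    struct sockaddr_in raw[2], req[2];
    struct in_addr jail;
    inet_pton(AF_INET, "192.0.2.10", &jail);      /* constructed jail address */
    /* Local end is not the jail's address, so the proxy refuses it. */
    make_request(raw, "192.0.2.1", 113, "198.51.100.7", 40000);
    return validate_request(raw, sizeof(raw), jail, req) == REQ_FOREIGN_ADDR ? 0 : 1;
}
```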