kern/169751: reading routing information does not work in jails
David Thiel
lx at redundancy.redundancy.org
Mon Jul 9 20:30:11 UTC 2012
>Number: 169751
>Category: kern
>Synopsis: reading routing information does not work in jails
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 09 20:30:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: David Thiel
>Release: FreeBSD 9.0-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Processes do not appear to be able to open routing sockets within jails,
regardless of the setting of the security.jail.socket_unixiproute_only or
security.jail.allow_raw_sockets sysctls. This manifests as not being able to
use commands such as "route get" or "nmap" SYN scans. While it is
understandable that one should not be able to write to routing sockets from a
non-VIMAGE jail, being able to read this information is quite useful
functionality (critical, in my case).
http://marc.info/?l=freebsd-stable&m=133590147421290&w=2
http://seclists.org/nmap-dev/2012/q2/220
>How-To-Repeat:
Outside of a jail:
[dthiel at host ~ 1350 ] sudo route get asdf.com
route to: apache2-emu.malabo.dreamhost.com
destination: default
mask: default
gateway: 210.15.12.11
interface: em0
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1500 1 0
Inside jail:
[dthiel at host ~ 1347 ] sudo jexec 15 /bin/sh
# route get asdf.com
route: writing to routing socket: No such process
# nmap freebsd.org
Starting Nmap 6.00 ( http://nmap.org ) at 2012-07-09 20:08 UTC
nexthost: failed to determine route to freebsd.org (69.147.83.40)
QUITTING!
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
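A small shell check, added here and not part of the PR, that classifies the output of "route get" so a jail provisioning test can tell this PR's symptom (the routing socket write failing with ESRCH) from a plain "no route" failure or a working lookup. It assumes a POSIX sh; the live check additionally assumes route(8) is on PATH inside the jail being tested.

```shell
#!/bin/sh
# Added example for PR 169751: classify `route get` output so a jail
# health check can distinguish "routing socket not readable" (ESRCH,
# the symptom in this PR) from an ordinary route lookup failure.

# classify_route_output reads `route get` output (stdout and stderr
# merged) on stdin and prints exactly one word:
#   esrch   - "writing to routing socket: No such process" (this PR)
#   ok      - a route was resolved (an "interface:" line is present)
#   noroute - the lookup failed for some other reason
classify_route_output() {
    out=$(cat)
    case "$out" in
        *"writing to routing socket: No such process"*) echo esrch ;;
        *"interface:"*)                                 echo ok ;;
        *)                                              echo noroute ;;
    esac
}

# route_field prints the value of one "name: value" line (e.g. gateway,
# interface, destination) from `route get` output read on stdin.
route_field() {
    awk -F': *' -v want="$1" '$1 ~ "^[ \t]*" want "$" { print $2; exit }'
}

# check_jail_routing runs the live command when route(8) is available
# and prints the classification; exit status 2 means it could not run.
check_jail_routing() {
    dest=${1:-default}
    if command -v route >/dev/null 2>&1; then
        route -n get "$dest" 2>&1 | classify_route_output
    else
        echo "route(8) not found on PATH" >&2
        return 2
    fi
}

# Usage: sh routecheck.sh --run [destination]
if [ "${1:-}" = "--run" ]; then
    check_jail_routing "${2:-default}"
fi
```

Run it once on the host and once via jexec inside the jail; a host result of "ok" next to a jail result of "esrch" reproduces the report above without needing nmap.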