[Bug 217728] [patch] restrict access to reserved ports in jails
bugzilla-noreply at freebsd.org
Sun Mar 12 17:00:01 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217728
Bug ID: 217728
Summary: [patch] restrict access to reserved ports in jails
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: mattm916 at pulsar.neomailbox.ch
Created attachment 180751
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180751&action=edit
patch to add the allow.reserved_port option to jail(8)
The attached patch adds a new jail(8) configuration option to deny the use of
reserved ports inside a jail. This is intended for use in shared-IP jails that
set the "ipv4=inherit" option, and would not be useful in VNET-enabled jails.
The primary use case is for delegating jail administration to ordinary users
who would otherwise not be allowed access to run services on reserved ports.
Without this patch, ordinary users who have root privileges inside a shared-IP
jail have the ability to run services that potentially conflict with the host,
such as SSH or Sendmail.
--
You are receiving this mail because:
You are the assignee for the bug.