jail && (ping && traceroute)
Mooneer Salem
mooneer at translator.cx
Fri May 30 14:07:27 PDT 2003
Hello,
It involves allowing all applications inside the jail access to raw
sockets. Raw sockets are also responsible for ipfw and other services;
therefore, it may be prudent to add separate sysctl settings
allowing/denying access to those. I have a patch that does allow raw
sockets and allows people inside a jail to add ipfw rules for their own
IP address(es), among other things. See
http://msalem.translator.cx/dist/jail_separation.v7.patch
(for 5.0-RELEASE). :)
Thanks,
--
Mooneer Salem
GPLTrans: http://www.translator.cx/
lifeafterking.org: http://www.lifeafterking.org/
-----Original Message-----
From: owner-freebsd-hackers at freebsd.org
[mailto:owner-freebsd-hackers at freebsd.org]On Behalf Of Alexandr Kovalenko
Sent: Friday, May 30, 2003 7:36 AM
To: freebsd-hackers at freebsd.org
Subject: jail && (ping && traceroute)
[Please Cc: me on reply]
Hello,
I have 2 questions:
- where in code should I search for icmp socket binding prohibition in jail?
- what bad consequences will appear if I remove those checks and prohibition?
Thanks in advance!
--
NEVE-RIPE, will build world for food
Ukrainian FreeBSD User Group
http://uafug.org.ua/