jail manipulation of routing table

lemon lemon at aldigital.co.uk
Tue May 20 04:17:15 PDT 2003


i'm puzzled about a jail'd root user's ability to manipulate the host's 
routing table - i was under the impression that this shouldn't be 
allowed [0].

the scary bit is the jail'd root can drop the host's default route.

should this be the case? have i missed some sysctl knob?

maybe i need to patch kern/uipc_socket.c's socreate to be less 
permissive with the unixiproute_only sysctl (rendering it a misnomer, 
perhaps another sysctl altogether would be better).

jail# route add -host
add host gateway

host$ netstat -nr | grep              UGHS        0        0    rl0

host$ sysctl -a | grep jail
jail.set_hostname_allowed: 0
jail.socket_unixiproute_only: 1
jail.sysvipc_allowed: 0

host$ uname -a
FreeBSD 4.8-STABLE FreeBSD 4.8-STABLE #5: Sun May 18 23:04:37 BST 2003 
    root at pith.lemonia.org:/usr/obj/usr/src/sys/pith  i386

regards, l.

[0] <http://docs.freebsd.org/44doc/papers/jail/jail.html>

lemon at aldigital.co.uk	+44 020 8742 0755   http://www.aldigital.co.uk/
system administrivia         c6 h8 o7         http://www.thebunker.net/

More information about the freebsd-questions mailing list