From owner-freebsd-bugs@FreeBSD.ORG Mon Jul 9 20:30:11 2012
Date: 9 Jul 2012 20:17:04 -0000
From: David Thiel
To: FreeBSD-gnats-submit@FreeBSD.org
Message-Id: <20120709201704.84931.qmail@redundancy.redundancy.org>
Resent-Date: Mon, 9 Jul 2012 20:30:11 GMT
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Reply-To: David Thiel
Subject: kern/169751: reading routing information does not work in jails
>Number:         169751
>Category:       kern
>Synopsis:       reading routing information does not work in jails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 09 20:30:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     David Thiel
>Release:        FreeBSD 9.0-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Processes do not appear to be able to open routing sockets within jails, regardless of the setting of the security.jail.socket_unixiproute_only or security.jail.allow_raw_sockets sysctls. This manifests as not being able to use commands such as "route get" or "nmap" SYN scans. While it is understandable that one should not be able to write to routing sockets from a non-VIMAGE jail, being able to read this information is quite useful functionality (critical, in my case).

http://marc.info/?l=freebsd-stable&m=133590147421290&w=2
http://seclists.org/nmap-dev/2012/q2/220
>How-To-Repeat:
Outside of a jail:

[dthiel@host ~ 1350 ] sudo route get asdf.com
   route to: apache2-emu.malabo.dreamhost.com
destination: default
       mask: default
    gateway: 210.15.12.11
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0

Inside jail:

[dthiel@host ~ 1347 ] sudo jexec 15 /bin/sh
# route get asdf.com
route: writing to routing socket: No such process
# nmap freebsd.org

Starting Nmap 6.00 ( http://nmap.org ) at 2012-07-09 20:08 UTC
nexthost: failed to determine route to freebsd.org (69.147.83.40)
QUITTING!
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
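A diagnostic script added here as an example (not part of the PR, of route(8) or of FreeBSD) that parses the "key: value" layout of the `route get` output shown in the How-To-Repeat section and separates the in-jail failure from an ordinary missing route. It assumes the FreeBSD sysctl security.jail.jailed plus the standard sysctl, route and awk tools; the live check is FreeBSD-only, the parsing and classification functions are plain POSIX sh.

```shell
#!/bin/sh
# jail_route_check.sh (hypothetical helper written for this PR, not part of
# FreeBSD or of the report): tells "no route to the destination" apart from
# "routing reads blocked inside this jail", the symptom in kern/169751.

# Pull one "key: value" field out of `route get` output, the layout shown in
# the How-To-Repeat section. $1 = field name (gateway, interface, ...), stdin = output.
route_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# Classify a `route get` run. $1 = exit status, $2 = its stderr text,
# $3 = value of security.jail.jailed (1 inside a jail, 0 outside).
# Prints one of: ok, esrch-jail, no-route, other-error.
classify_route_get() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif printf '%s' "$2" | grep -q 'writing to routing socket: No such process'; then
        # ESRCH on RTM_GET: inside a jail this is the PR's symptom; outside a
        # jail it usually means the kernel found no matching route.
        if [ "$3" -eq 1 ]; then echo esrch-jail; else echo no-route; fi
    else
        echo other-error
    fi
}

# Live diagnostic (FreeBSD only): print the jail sysctls named in the PR, run
# `route get` for the host, and report the classification.
run_diag() {
    host=$1
    for s in security.jail.jailed security.jail.socket_unixiproute_only \
             security.jail.allow_raw_sockets; do
        v=$(sysctl -n "$s" 2>/dev/null) && printf '%s = %s\n' "$s" "$v"
    done
    jailed=$(sysctl -n security.jail.jailed 2>/dev/null || echo 0)
    out=$(mktemp) && err=$(mktemp) || return 1
    if route get "$host" >"$out" 2>"$err"; then rc=0; else rc=$?; fi
    result=$(classify_route_get "$rc" "$(cat "$err")" "$jailed")
    case $result in
        ok) printf 'ok: gateway %s via %s\n' \
                "$(route_field gateway <"$out")" "$(route_field interface <"$out")" ;;
        esrch-jail) echo "ESRCH from the routing socket inside a jail: kern/169751 symptom" ;;
        *) printf '%s:\n' "$result"; cat "$err" ;;
    esac
    rm -f "$out" "$err"
}

# Usage: sh jail_route_check.sh <host>; with no argument only the functions are defined.
if [ $# -gt 0 ]; then run_diag "$1"; fi
```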