From owner-freebsd-current@FreeBSD.ORG Tue Jun 3 07:45:00 2014
From: Trond Endrestøl <trond@fagskolen.gjovik.no>
Date: Tue, 3 Jun 2014 09:44:52 +0200 (CEST)
To: Beeblebrox
Cc: freebsd-current@freebsd.org
Subject: Re: jail sockstat shows gdnc, gdomap, casperd as enabled
In-Reply-To: <1401778952788-5917302.post@n5.nabble.com>
Organization: Fagskolen Innlandet

On Tue, 3 Jun 2014 00:02-0700, Beeblebrox wrote:

> Some (not all) of my jails show gdnc, gdomap & casperd services with sockstat
> listing. The jails that show these services have /usr/local mounted as ro to
> jailname/usr/local.
>
> root gdnc 1433 5 stream /tmp/GNUstepSecure0/NSMessagePort/ports/1433.0
> nobody gdomap 1378 3 udp4 192.168.2.50:538 *:*
> nobody gdomap 1378 4 tcp4 192.168.2.50:538 *:*

These two are related to GNUstep. If your jails don't run GNUstep, why is GNUstep installed in the first place?

http://www.gnustep.org/resources/documentation/Developer/Tools/Reference/gdnc.html
http://www.gnustep.org/resources/documentation/Developer/Tools/Reference/gdomap.html

> root casperd 1149 3 dgram -> /var/run/logpriv
> root casperd 1149 4 stream -> ??
> root casperd 1149 6 stream /var/run/casper
> root casperd 1148 5 stream -> ??

casperd is part of capsicum. You should probably keep this one.

http://www.cl.cam.ac.uk/research/security/capsicum/freebsd.html

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+

From owner-freebsd-current@FreeBSD.ORG Tue Jun 3 08:00:38 2014
From: Beeblebrox
Date: Tue, 3 Jun 2014 01:00:37 -0700 (PDT)
To: freebsd-current@freebsd.org
Subject: Re: jail sockstat shows gdnc, gdomap, casperd as enabled
References: <1401778952788-5917302.post@n5.nabble.com>

Hi Trond,

> These two are related to GNUstep. If your jails don't run GNUstep, why
> is GNUstep installed in the first place?

I know that they are related to GNUstep (although I have no idea what GNUstep actually does other than act as a messaging system, probably like dbus). Anyway, I don't understand how & why they start up, and that's exactly my question. The only insight I can provide is that /usr/local is null_mounted on to jail/usr/local, but that should not really have this effect.

> casperd is part of capsicum. You should probably keep this one.

I figured as much re capsicum. So the question becomes "should all jails be running capsicum in this case"?

Regards.

-----
FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS

From owner-freebsd-current@FreeBSD.ORG Tue Jun 3 08:12:13 2014
From: David Chisnall <theraven@FreeBSD.org>
Date: Tue, 3 Jun 2014 09:12:02 +0100
To: Beeblebrox
Cc: freebsd-current@freebsd.org
Subject: Re: jail sockstat shows gdnc, gdomap, casperd as enabled
Message-Id: <9A0F870A-0DF1-4C02-A0EB-5D23A730191D@FreeBSD.org>
References: <1401778952788-5917302.post@n5.nabble.com>

On 3 Jun 2014, at 09:00, Beeblebrox wrote:

> I know that they are related to GNUstep (although I have no idea what
> GNUstep actually does other than act as a messaging system probably like
> dbus). Anyway, I don't understand how & why they start up and that's
> exactly my question. The only insight I can provide, is that /usr/local is
> null_mounted on to jail/usr/local, but that should not really have this
> effect.

gdomap is the service that GNUstep uses for distributed objects. gdnc is the service that GNUstep uses for distributed (broadcast) notifications. They are both started on demand. If they're running in your jail, then it most likely means that something inside your jail has started them.

Both gdomap and gdnc are intended to allow messaging between computers on the local network and so will bind to a public IP. Given that neither of them has had any kind of serious security auditing (or even anyone trying to fuzz their parsers), I'd strongly recommend firewalling them off from the outside world.

David
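An added example, not part of the thread and not code from any of its participants: a small POSIX shell/awk filter that reads sockstat(1) output and prints only the IP sockets bound to something other than loopback, i.e. the listeners David's firewalling advice applies to. The sample input is constructed, modelled on the listing Beeblebrox posted plus one loopback-only line that must not be reported. The column layout assumed is sockstat's USER, COMMAND, PID, FD, PROTO, LOCAL ADDRESS, FOREIGN ADDRESS; feeding it `sockstat -4 -6 -l -j <jid>` for each jail is my assumed invocation on a live host, not something the thread shows.

```shell
#!/bin/sh
# Added example, not from the thread: find IP sockets in sockstat(1) output
# that are bound to something other than loopback.
# Assumed column layout (FreeBSD sockstat):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# Unix-domain sockets show PROTO stream/dgram and a path (or "->"); they are
# ignored here because they are not reachable from the network.

# Constructed sample input, modelled on the listing in the thread plus one
# loopback-only sshd line that must NOT be reported.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     gdnc       1433  5  stream /tmp/GNUstepSecure0/NSMessagePort/ports/1433.0
nobody   gdomap     1378  3  udp4   192.168.2.50:538      *:*
nobody   gdomap     1378  4  tcp4   192.168.2.50:538      *:*
root     casperd    1149  3  dgram  -> /var/run/logpriv
root     casperd    1149  6  stream /var/run/casper
root     sshd       900   4  tcp4   127.0.0.1:22          *:*
'

# Read sockstat lines on stdin; print "user command pid proto addr:port" for
# every tcp/udp socket whose local address is not loopback. A "*" address
# (bound to all interfaces) is reported too, since it is reachable externally.
exposed_sockets() {
    awk '
        $1 == "USER" { next }                 # header line
        $5 !~ /^(tcp|udp)[46]$/ { next }      # skip unix-domain sockets
        {
            laddr = $6
            n = split(laddr, parts, ":")      # port follows the last ":"
            port = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "::1") next
            print $1, $2, $3, $5, addr ":" port
        }
    '
}

# Run the filter over the constructed sample. On a live host the input would
# instead come from an assumed invocation such as "sockstat -4 -6 -l -j <jid>"
# for each jail.
audit_sample() {
    printf '%s' "$SAMPLE" | exposed_sockets
}

# Number of exposed sockets in the sample; a quick pass/fail signal.
exposed_count() {
    audit_sample | awk 'END { print NR }'
}

audit_sample
```

On the sample this prints the two gdomap lines (udp4 and tcp4 on 192.168.2.50:538) and nothing else: the unix-domain gdnc and casperd sockets are skipped, and the loopback-bound sshd line is filtered out. Anything the filter reports from a jail is a candidate either for removal (if the jail does not need the service) or for a firewall rule restricting it to the local network, which is the mitigation David recommends.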