Date: Mon, 17 Mar 2003 10:06:27 +0300 (MSK) From: "."@babolo.ru To: Jared Mauch <jared@puck.nether.net> Cc: Mooneer Salem <mooneer@translator.cx>, freebsd-hackers@FreeBSD.ORG Subject: Re: jail support for ping, traceroute, etc.. crude hack Message-ID: <1047884787.866448.882.nullmailer@cicuta.babolo.ru> In-Reply-To: <20030317005641.GA8288@puck.nether.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sun, Mar 16, 2003 at 02:30:36PM -0800, Mooneer Salem wrote: > > When i was looking at this i was somewhat frustated with > the way suser() doesn't really allow any sort of a context-of-check > to happen easily that i was able to find. ie, was it for a networking > check, filesystem, etc.. so my first stab at this ended up with > every user being able to do raw ip packets which was bad.. i > ended up doing the p->p_prison save hack instead to get the result > then applied the prison policy there. It is time to invent "ping socket" and "traceroute socket" in addition to tcp, udp, divert so on? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1047884787.866448.882.nullmailer>