Date: Sun, 15 Feb 2004 21:35:46 +0100 From: "Poul-Henning Kamp" <phk@phk.freebsd.dk> To: Kris Kennaway <kris@obsecurity.org> Cc: Julian Elischer <julian@elischer.org> Subject: Re: cvs commit: src/sys/kern kern_jail.c Message-ID: <16173.1076877346@critter.freebsd.dk> In-Reply-To: Your message of "Sun, 15 Feb 2004 12:12:38 PST." <20040215201238.GA52924@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20040215201238.GA52924@xor.obsecurity.org>, Kris Kennaway writes: > >--mP3DRpeJDSE+ciuQ >Content-Type: text/plain; charset=us-ascii >Content-Disposition: inline > >On Sun, Feb 15, 2004 at 08:34:21AM -0800, Julian Elischer wrote: > >> you sometimes need to be able to know you are in a jail so that you can >> know not to attempt things that are not permitted in jails.. >> (e.g. pings, or ifconfig'ing network interfaces) > >If you try to ping or ifconfig and discover that you can't, you're in >a jail. Here is the canonical "injail.c" program: #include <stdio.h> #include <sys/types.h> #include <sys/sysctl.h> #include <sys/param.h> #include <sys/user.h> /* * Exit 0 = no * Exit 1 = maybe * Exit 2 = yes */ int main(int argc, char **argv) { int mib[4]; int i, l; struct kinfo_proc buf; mib[0] = CTL_KERN; mib[1] = KERN_PROC; mib[2] = KERN_PROC_PID; mib[3] = getpid(); l = sizeof buf; i = sysctl(mib, 4, &buf, &l, NULL, 0); if (i != 0 || l != sizeof buf) exit(1); if (buf.kp_proc.p_flag & P_JAILED) exit(2); exit (0); } -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16173.1076877346>