Date: Mon, 31 May 2004 17:25:44 -0700 (PDT) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/usr.sbin/jail jail.8 Message-ID: <200406010025.i510PiHp092384@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2004/05/31 17:25:44 PDT
FreeBSD src repository
Modified files:
usr.sbin/jail jail.8
Log:
Add a warning note to security.jail.allow_raw_sockets
about the risks of enabling raw sockets in prisons.
Because raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
untrusted parties. As such, by default this option is disabled.
A few others and I are currently auditing the kernel
source code to ensure that the use of raw sockets by
privledged prison users is safe.
Approved by: bmilekic (mentor)
Revision Changes Path
1.54 +4 -1 src/usr.sbin/jail/jail.8
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200406010025.i510PiHp092384>