From owner-cvs-src@FreeBSD.ORG Mon May 31 17:25:45 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 05AA416A4CE; Mon, 31 May 2004 17:25:45 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id F25FB43D45; Mon, 31 May 2004 17:25:44 -0700 (PDT) (envelope-from csjp@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.11/8.12.11) with ESMTP id i510Pisd092385; Mon, 31 May 2004 17:25:44 -0700 (PDT) (envelope-from csjp@repoman.freebsd.org) Received: (from csjp@localhost) by repoman.freebsd.org (8.12.11/8.12.11/Submit) id i510PiHp092384; Mon, 31 May 2004 17:25:44 -0700 (PDT) (envelope-from csjp) Message-Id: <200406010025.i510PiHp092384@repoman.freebsd.org> From: "Christian S.J. Peron" Date: Mon, 31 May 2004 17:25:44 -0700 (PDT) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Subject: cvs commit: src/usr.sbin/jail jail.8 X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jun 2004 00:25:45 -0000 csjp 2004/05/31 17:25:44 PDT FreeBSD src repository Modified files: usr.sbin/jail jail.8 Log: Add a warning note to security.jail.allow_raw_sockets about the risks of enabling raw sockets in prisons. Because raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties. As such, by default this option is disabled. A few others and I are currently auditing the kernel source code to ensure that the use of raw sockets by privledged prison users is safe. Approved by: bmilekic (mentor) Revision Changes Path 1.54 +4 -1 src/usr.sbin/jail/jail.8