Date: Thu, 14 Jul 2005 18:52:51 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Avleen Vig <lists-freebsd@silverwraith.com> Cc: freebsd-security@freebsd.org Subject: Re: [ronvdaal@zarathustra.linux666.com: Possible security issue with FreeBSD 5.4 jailing and BPF] Message-ID: <20050714165250.GA972@zaphod.nitro.dk> In-Reply-To: <20050714162656.GH11612@silverwraith.com> References: <20050714162656.GH11612@silverwraith.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 2005.07.14 09:26:56 -0700, Avleen Vig wrote: > This message was sent to bugtraq today: Please see the thread on full-disclosure as to why this is not an issue. http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035036.html Unfortunately the poster sent separate mails to full-disclosure and bugtraq, so the followups where only set to full-disclosure (since we saw the mail first there). > While playing around with FreeBSD 5.4 and jailing I discovered that it was > possible to put an ethernet interface into promiscious mode from within the > jailed environment, allowing a packetsniffer to gather data not meant for > the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x > This can be reproduced on boxes where BPF support is enabled in the kernel > and a BPF device is available in the jail (badly configured devfs/no rules) [...] -- Simon L. Nielsen [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFC1phih9pcDSc1mlERArK8AKCyjLnHW4VZ/1e2lOv2dcuQp8QNYgCgsBzl D9EMAVDLnjkIlvqxD/V61Mk= =GDb9 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050714165250.GA972>