From owner-freebsd-security@FreeBSD.ORG Thu Jul 14 16:52:53 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A49E16A41C for ; Thu, 14 Jul 2005 16:52:53 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id CCD1F43D49 for ; Thu, 14 Jul 2005 16:52:52 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 3A0AF11A79; Thu, 14 Jul 2005 18:52:51 +0200 (CEST) Date: Thu, 14 Jul 2005 18:52:51 +0200 From: "Simon L. Nielsen" To: Avleen Vig Message-ID: <20050714165250.GA972@zaphod.nitro.dk> References: <20050714162656.GH11612@silverwraith.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="a8Wt8u1KmwUX3Y2C" Content-Disposition: inline In-Reply-To: <20050714162656.GH11612@silverwraith.com> User-Agent: Mutt/1.5.9i Cc: freebsd-security@freebsd.org Subject: Re: [ronvdaal@zarathustra.linux666.com: Possible security issue with FreeBSD 5.4 jailing and BPF] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2005 16:52:53 -0000 --a8Wt8u1KmwUX3Y2C Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.07.14 09:26:56 -0700, Avleen Vig wrote: > This message was sent to bugtraq today: Please see the thread on full-disclosure as to why this is not an issue. http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035036.html Unfortunately the poster sent separate mails to full-disclosure and bugtraq, so the followups where only set to full-disclosure (since we saw the mail first there). > While playing around with FreeBSD 5.4 and jailing I discovered that it was > possible to put an ethernet interface into promiscious mode from within t= he > jailed environment, allowing a packetsniffer to gather data not meant for > the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.= x=20 > This can be reproduced on boxes where BPF support is enabled in the kerne= l=20 > and a BPF device is available in the jail (badly configured devfs/no rule= s) [...] --=20 Simon L. Nielsen --a8Wt8u1KmwUX3Y2C Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFC1phih9pcDSc1mlERArK8AKCyjLnHW4VZ/1e2lOv2dcuQp8QNYgCgsBzl D9EMAVDLnjkIlvqxD/V61Mk= =GDb9 -----END PGP SIGNATURE----- --a8Wt8u1KmwUX3Y2C--