From owner-freebsd-hackers  Thu Sep 26  3:28:14 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 94D4737B401
	for <freebsd-hackers@FreeBSD.org>; Thu, 26 Sep 2002 03:28:13 -0700 (PDT)
Received: from viefep11-int.chello.at (viefep11-int.chello.at [213.46.255.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5DFCE43E81
	for <freebsd-hackers@FreeBSD.org>; Thu, 26 Sep 2002 03:28:12 -0700 (PDT)
	(envelope-from matuska@wu-wien.ac.at)
Received: from martin ([80.108.14.239]) by viefep11-int.chello.at
          (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP
          id <20020926102811.OWVQ25370.viefep11-int.chello.at@martin>
          for <freebsd-hackers@FreeBSD.org>;
          Thu, 26 Sep 2002 12:28:11 +0200
Message-ID: <000701c26547$9a44d1c0$0200a8c0@martin>
From: "Martin Matuska" <matuska@wu-wien.ac.at>
To: <freebsd-hackers@FreeBSD.org>
Subject: Security of a JAIL UDP patch
Date: Thu, 26 Sep 2002 12:29:32 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

I would like to ask which aspects has this patch on security of a jailed
environment.
This patch enables the use of named or ircd in jails.

--- in_pcb.c.old	Mon Mar 18 23:57:57 2002
+++ in_pcb.c	Tue Mar 19 09:52:45 2002
@@ -501,6 +501,8 @@
 	int error;

 	if (inp->inp_laddr.s_addr == INADDR_ANY && p->p_prison != NULL) {
+		if (inp->inp_lport != 0)
+			inp->inp_laddr.s_addr = htonl(p->p_prison->pr_ip);
 		bzero(&sa, sizeof (sa));
 		sa.sin_addr.s_addr = htonl(p->p_prison->pr_ip);
 		sa.sin_len=sizeof (sa);

Patch author was Lamont Granquist lamont@scriptkiddie.org
Reference:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=393634+395986+/usr/local/www/db/
text/2002/freebsd-stable/20020331.freebsd-stable

Thank you very much


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message