Date:      Mon, 31 May 2004 17:30:26 -0700
From:      "Christian S.J. Peron" <csjp@freebsd.org>
To:        current@freebsd.org
Subject:   raw socket+prison warning
Message-ID:  <20040601003026.GA76645@freefall.freebsd.org>

For those of you not subscribed to src-committers@FreeBSD.org,
cvs-src@FreeBSD.org or cvs-all@FreeBSD.org, I just committed
a warning note in jail(8) for the security.jail.allow_raw_sockets
sysctl MIB about the risks of enabling raw sockets in prisons.

Because raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
untrusted parties. As such, by default this option is disabled.

A few others and I are currently auditing the kernel
source code to ensure that the use of raw sockets by
privileged prison users is safe.

--
Christian S.J. Peron
csjp@FreeBSD.org
FreeBSD committer


