Date: Sun, 16 Mar 2003 14:30:36 -0800 From: "Mooneer Salem" <mooneer@translator.cx> To: "Jared Mauch" <jared@puck.Nether.net>, <freebsd-hackers@freebsd.org> Subject: RE: jail support for ping, traceroute, etc.. crude hack Message-ID: <FHEMJMOKKMJDGKFOHHEPIEELFIAA.mooneer@translator.cx> In-Reply-To: <20030316211400.GE32478@puck.nether.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, This patch is interesting. To my understanding though, ipfw uses RAW sockets to communicate with the kernel. Therefore, it might be possible to edit the ipfw table from within the jail, which may be a bad thing. Just a thought. Thanks, -- Mooneer Salem GPLTrans: http://www.translator.cx/ lifeafterking.org: http://www.lifeafterking.org/ -----Original Message----- From: owner-freebsd-hackers@FreeBSD.ORG [mailto:owner-freebsd-hackers@FreeBSD.ORG]On Behalf Of Jared Mauch Sent: Sunday, March 16, 2003 1:14 PM To: freebsd-hackers@freebsd.org Subject: jail support for ping, traceroute, etc.. crude hack so, i am working on building a "super-server" for me and several friends to collaborate with on the money front to put our machine in a colo location, etc.. and still have good access to networking resources. as a result, i needed to modify the FreeBSD kernel such that it will allow us to use ping, traceroute and other tools. obviously we know there will be some underlying security issues associated but we are sophisticated to understand the nature of these and they are an 'acceptable' situation. my diffs are available at http://puck.nether.net/~jared/fbsd-4.8-rc1-diff-jail-raw_ip.txt and are against the 4.8-rc1 /usr/src/sys tree yeah, they're crude but it gets the desired job done. there is a sysctl to control it, so if its not the desired operation it can be easily tweaked. send me comments. enjoy, - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FHEMJMOKKMJDGKFOHHEPIEELFIAA.mooneer>