From: "Mooneer Salem"
To: "Jared Mauch"
Subject: RE: jail support for ping, traceroute, etc.. crude hack
Date: Sun, 16 Mar 2003 14:30:36 -0800
In-Reply-To: <20030316211400.GE32478@puck.nether.net>

Hello,

This patch is interesting. To my understanding though, ipfw uses RAW
sockets to communicate with the kernel. Therefore, it might be possible
to edit the ipfw table from within the jail, which may be a bad thing.
Just a thought.

Thanks,

--
Mooneer Salem
GPLTrans: http://www.translator.cx/
lifeafterking.org: http://www.lifeafterking.org/

-----Original Message-----
From: owner-freebsd-hackers@FreeBSD.ORG
[mailto:owner-freebsd-hackers@FreeBSD.ORG]On Behalf Of Jared Mauch
Sent: Sunday, March 16, 2003 1:14 PM
To: freebsd-hackers@freebsd.org
Subject: jail support for ping, traceroute, etc.. crude hack

so, i am working on building a "super-server" for me and several
friends to collaborate with on the money front to put our machine in
a colo location, etc.. and still have good access to networking
resources.

as a result, i needed to modify the FreeBSD kernel such that it will
allow us to use ping, traceroute and other tools.

obviously we know there will be some underlying security issues
associated but we are sophisticated enough to understand the nature of
these and they are an 'acceptable' situation.

my diffs are available at

http://puck.nether.net/~jared/fbsd-4.8-rc1-diff-jail-raw_ip.txt

and are against the 4.8-rc1 /usr/src/sys tree

yeah, they're crude but it gets the desired job done. there is a
sysctl to control it, so if it's not the desired operation it can be
easily tweaked.

send me comments. enjoy,

- jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message