Date:      Fri, 30 May 2003 14:07:15 -0700
From:      "Mooneer Salem" <mooneer@translator.cx>
To:        "Alexandr Kovalenko" <never@nevermind.kiev.ua>, <freebsd-hackers@freebsd.org>
Subject:   RE: jail && (ping && traceroute)
Message-ID:  <FHEMJMOKKMJDGKFOHHEPIEHCHAAA.mooneer@translator.cx>
In-Reply-To: <20030530143542.GA72040@nevermind.kiev.ua>

Hello,

It involves allowing all applications inside the jail access to raw
sockets. Raw sockets are also responsible for ipfw and other services;
therefore, it may be prudent to add separate sysctl settings
allowing/denying access to those. I have a patch that does allow raw
sockets and allows people inside a jail to add ipfw rules for their own
IP address(es), among other things. See
http://msalem.translator.cx/dist/jail_separation.v7.patch
(for 5.0-RELEASE). :)

Thanks,

--
Mooneer Salem
GPLTrans: http://www.translator.cx/
lifeafterking.org: http://www.lifeafterking.org/

-----Original Message-----
From: owner-freebsd-hackers@freebsd.org
[mailto:owner-freebsd-hackers@freebsd.org]On Behalf Of Alexandr Kovalenko
Sent: Friday, May 30, 2003 7:36 AM
To: freebsd-hackers@freebsd.org
Subject: jail && (ping && traceroute)


[Please Cc: me on reply]

Hello,

I have 2 questions:

 - where in code should I search for icmp socket binding prohibition in
   jail?
 - what bad consequences will appear if I remove those checks and
   prohibition?

Thanks in advance!

--
NEVE-RIPE, will build world for food
Ukrainian FreeBSD User Group
http://uafug.org.ua/